Make WordPress Core

Changeset 37317


Ignore:
Timestamp:
04/27/2016 05:54:40 AM (8 years ago)
Author:
jeremyfelt
Message:

Users: Prevent spammy users from resetting their passwords in multisite

Props r-a-y, websupporter.
Fixes #24617.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user.php

    r37316 r37317  
    20372037    do_action( 'retrieve_password', $user->user_login );
    20382038
     2039    $allow = true;
     2040    if ( is_multisite() && is_user_spammy( $user ) ) {
     2041        $allow = false;
     2042    }
     2043
    20392044    /**
    20402045     * Filter whether to allow a password to be reset.
     
    20452050     * @param int  $user_data->ID The ID of the user attempting to reset a password.
    20462051     */
    2047     $allow = apply_filters( 'allow_password_reset', true, $user->ID );
     2052    $allow = apply_filters( 'allow_password_reset', $allow, $user->ID );
    20482053
    20492054    if ( ! $allow ) {
Note: See TracChangeset for help on using the changeset viewer.