Changeset 45714
- Timestamp:
- 08/01/2019 05:24:20 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/user.php
r45713 r45714 1469 1469 * Most of the `$userdata` array fields have filters associated with the values. Exceptions are 1470 1470 * 'ID', 'rich_editing', 'syntax_highlighting', 'comment_shortcuts', 'admin_color', 'use_ssl', 1471 * 'user_registered', ' spam', and 'role'. The filters have the prefix 'pre_user_' followed by the1472 * field name. An example using 'description' would have the filter called, 'pre_user_description'1473 * that can be hooked into.1471 * 'user_registered', 'user_activation_key', 'spam', and 'role'. The filters have the prefix 1472 * 'pre_user_' followed by the field name. An example using 'description' would have the filter 1473 * called 'pre_user_description' that can be hooked into. 1474 1474 * 1475 1475 * @since 2.0.0 … … 1477 1477 * methods for new installations. See wp_get_user_contact_methods(). 1478 1478 * @since 4.7.0 The user's locale can be passed to `$userdata`. 1479 * @since 5.3.0 The `user_activation_key` field can be passed to `$userdata`. 1479 1480 * @since 5.3.0 The `spam` field can be passed to `$userdata` (Multisite only). 1480 1481 * … … 1511 1512 * https. Default false. 1512 1513 * @type string $user_registered Date the user registered. Format is 'Y-m-d H:i:s'. 1514 * @type string $user_activation_key Password reset key. Default empty. 1513 1515 * @type bool $spam Multisite only. Whether the user is marked as spam. 1514 1516 * Default false. … … 1661 1663 1662 1664 $user_registered = empty( $userdata['user_registered'] ) ? gmdate( 'Y-m-d H:i:s' ) : $userdata['user_registered']; 1665 1666 $user_activation_key = empty( $userdata['user_activation_key'] ) ? '' : $userdata['user_activation_key']; 1663 1667 1664 1668 if ( isset( $userdata['spam'] ) && ! is_multisite() ) { … … 1756 1760 $meta['locale'] = isset( $userdata['locale'] ) ? $userdata['locale'] : ''; 1757 1761 1758 $compacted = compact( 'user_pass', 'user_nicename', 'user_email', 'user_url', 'user_registered', ' display_name' );1762 $compacted = compact( 'user_pass', 'user_nicename', 'user_email', 'user_url', 'user_registered', 'user_activation_key', 'display_name' ); 1759 1763 $data = wp_unslash( $compacted ); 1760 1764 … … 2249 2253 * @since 4.4.0 2250 2254 * 2251 * @global wpdb $wpdb WordPress database abstraction object.2252 2255 * @global PasswordHash $wp_hasher Portable PHP password hashing framework. 2253 2256 * … … 2257 2260 */ 2258 2261 function get_password_reset_key( $user ) { 2259 global $wp db, $wp_hasher;2262 global $wp_hasher; 2260 2263 2261 2264 if ( ! ( $user instanceof WP_User ) ) { … … 2323 2326 $wp_hasher = new PasswordHash( 8, true ); 2324 2327 } 2325 $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); 2326 $key_saved = $wpdb->update( $wpdb->users, array( 'user_activation_key' => $hashed ), array( 'user_login' => $user->user_login ) ); 2327 if ( false === $key_saved ) { 2328 return new WP_Error( 'no_password_key_update', __( 'Could not save password reset key to database.' ) ); 2328 2329 $hashed = time() . ':' . $wp_hasher->HashPassword( $key ); 2330 2331 $key_saved = wp_update_user( 2332 array( 2333 'ID' => $user->ID, 2334 'user_activation_key' => $hashed, 2335 ) 2336 ); 2337 2338 if ( is_wp_error( $key_saved ) ) { 2339 return $key_saved; 2329 2340 } 2330 2341 -
trunk/tests/phpunit/tests/auth.php
r43571 r45714 228 228 229 229 /** 230 * @ticket 45746 231 */ 232 function test_user_activation_key_is_saved() { 233 $user = get_userdata( $this->user->ID ); 234 $key = get_password_reset_key( $user ); 235 236 // A correctly saved key should be accepted 237 $check = check_password_reset_key( $key, $this->user->user_login ); 238 $this->assertNotWPError( $check ); 239 $this->assertInstanceOf( 'WP_User', $check ); 240 $this->assertSame( $this->user->ID, $check->ID ); 241 } 242 243 /** 230 244 * @ticket 32429 231 245 */
Note: See TracChangeset
for help on using the changeset viewer.