Make WordPress Core


Ignore:
Timestamp:
04/29/2020 04:57:01 PM (5 years ago)
Author:
whyisjake
Message:

User: Invalidate user_activation_key on password update.
Query: Ensure that only a single post can be returned on date/time based queries.
Cache API: Ensure proper escaping around the stats method in the cache API.
Formatting: Expand sanitize_file_name to have better support for utf8 characters.

Brings the changes in [47634], [47635], [47637], and [47638] to the 3.8 branch.

Props: batmoo, ehti, nickdaugherty, peterwilsoncc, sergeybiryukov, sstoqnov, westi, whyisjake, whyisjake, xknown.

Location:
branches/3.8
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/3.8

  • branches/3.8/tests/phpunit/tests/user.php

    r47338 r47661  
    589589    }
    590590
    591     function test_changing_email_invalidates_password_reset_key() {
     591    public function test_changing_email_invalidates_password_reset_key() {
    592592        global $wpdb;
    593593
     
    620620        $this->assertEmpty( $user->user_activation_key );
    621621    }
     622
     623    public function test_changing_password_invalidates_password_reset_key() {
     624        global $wpdb;
     625
     626        $user = $this->factory->user->create_and_get();
     627        $wpdb->update( $wpdb->users, array( 'user_activation_key' => 'key' ), array( 'ID' => $user->ID ) );
     628        clean_user_cache( $user );
     629
     630        $user = get_userdata( $user->ID );
     631        $this->assertEquals( 'key', $user->user_activation_key );
     632
     633        $userdata = array(
     634            'ID'        => $user->ID,
     635            'user_pass' => 'password',
     636        );
     637        wp_update_user( $userdata );
     638
     639        $user = get_userdata( $user->ID );
     640        $this->assertEmpty( $user->user_activation_key );
     641    }
     642
    622643}
Note: See TracChangeset for help on using the changeset viewer.