Make WordPress Core


Ignore:
Timestamp:
07/06/2023 12:45:45 PM (20 months ago)
Author:
audrasjb
Message:

Users: Remove password reset links when the feature is not allowed for a specific user.

This also introduces wp_is_password_reset_allowed_for_user() which returns false when password reset is not allowed for a specific user. This can be
filtered by developers using the existing allow_password_reset hook.

Props ocean90, cshark, robinwpdeveloper, tahmina1du, kraftbj.
Fixes #58194.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-users-list-table.php

    r55971 r56150  
    503503            if ( get_current_user_id() !== $user_object->ID
    504504                && current_user_can( 'edit_user', $user_object->ID )
     505                && true === wp_is_password_reset_allowed_for_user( $user_object )
    505506            ) {
    506507                $actions['resetpassword'] = "<a class='resetpassword' href='" . wp_nonce_url( "users.php?action=resetpassword&amp;users=$user_object->ID", 'bulk-users' ) . "'>" . __( 'Send password reset' ) . '</a>';
Note: See TracChangeset for help on using the changeset viewer.