Changeset 57711

Timestamp:

02/26/2024 10:41:50 AM (2 months ago)

Author:

swissspidy

Message:

Login and Registration: Slash email address when updating an existing user.

Addresses an issue with password reset keys when the email address contains special characters such as apostrophes.

Props emirpprime, rajinsharwar, fnpen, hellofromTonya, oglekler, nicolefurlan.
Fixes #52529.

Location:

trunk

Files:

• src/wp-includes/user.php (modified) (1 diff)
• tests/phpunit/tests/auth.php (modified) (1 diff)

trunk/src/wp-includes/user.php

@@ -2097 +2097 @@
         }
 
+        // Slash current user email to compare it later with slashed new user email.
+        $old_user_data->user_email = wp_slash( $old_user_data->user_email );
+
         // Hashed in wp_update_user(), plaintext if called directly.
         $user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass;

trunk/tests/phpunit/tests/auth.php

@@ -839 +839 @@
     }
 
+    /**
+     * @ticket 52529
+     */
+    public function test_reset_password_with_apostrophe_in_email() {
+        $user_args = array(
+            'user_email' => "jo'hn@example.com",
+            'user_pass'  => 'password',
+        );
+
+        $user_id = self::factory()->user->create( $user_args );
+
+        $user = get_userdata( $user_id );
+        $key  = get_password_reset_key( $user );
+
+        // A correctly saved key should be accepted.
+        $check = check_password_reset_key( $key, $user->user_login );
+
+        $this->assertNotWPError( $check );
+        $this->assertInstanceOf( 'WP_User', $check );
+        $this->assertSame( $user_id, $check->ID );
+    }
+
     public function data_application_passwords_can_use_capability_checks_to_determine_feature_availability() {
         return array(