Changeset 60634 for trunk/src/wp-includes/user.php

Timestamp:

08/13/2025 08:12:46 PM (3 months ago)

Author:

davidbaumwald

Message:

Users: Fire wp_set_password action when creating or updating a user's password.

Various filters and actions fire during user creation and editing, making available all manner of user data to be acted upon by custom code. However, a user's password was not included in the data that was made available.

This change now fires an existing action, wp_set_password, during initial user creation and when an existing user's password is updated.

Props ChloeD, scribu, dd32, pento, chriscct7, johnbillion, logicrays, nimeshatxecurify.
Fixes #22114.

File:

• trunk/src/wp-includes/user.php (modified) (2 diffs)

trunk/src/wp-includes/user.php

@@ -2502 +2502 @@
     $user = new WP_User( $user_id );
 
+    if ( ! $update ) {
+        /** This action is documented in wp-includes/pluggable.php */
+        do_action( 'wp_set_password', $userdata['user_pass'], $user_id, $userdata );
+    }
+
     /**
      * Filters a user's meta values and keys immediately after the user is created or updated
@@ -2684 +2689 @@
         $plaintext_pass        = $userdata['user_pass'];
         $userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] );
+
+        /** This action is documented in wp-includes/pluggable.php */
+        do_action( 'wp_set_password', $plaintext_pass, $user_id, $user_obj );
 
         /**