diff --git src/wp-includes/user.php src/wp-includes/user.php index 436a664..474d10f 100644 --- src/wp-includes/user.php +++ src/wp-includes/user.php @@ -2140,16 +2140,95 @@ function wp_update_user($userdata) { // Escape data pulled from DB. $user = add_magic_quotes( $user ); - // If password is changing, hash it now. + wp_cache_delete( $user[ 'user_email' ], 'useremail' ); + if ( ! empty($userdata['user_pass']) ) { + // If password is changing, hash it now $plaintext_pass = $userdata['user_pass']; - $userdata['user_pass'] = wp_hash_password($userdata['user_pass']); + $userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] ); + + // And send the user a notification + + /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */ + $email_text = __( 'Howdy ###USERNAME###, + +This notice confirms that your password was changed on ###SITENAME###. + +If you did not change your password, please contact the Site Administrator at +###ADMIN_EMAIL### + +This email has been sent to ###EMAIL### + +Regards, +All at ###SITENAME### +###SITEURL###' ); + + /** + * Filter the email text sent when the user's password is changed. + * + * The following strings have a special meaning and will get replaced dynamically: + * ###USERNAME### The current user's username. + * ###ADMIN_EMAIL### The link to click on to confirm the email change. + * ###EMAIL### The new email. + * ###SITENAME### The name of the site. + * ###SITEURL### The URL to the site. + * + * @since 4.3 + * + * @param string $email_text Text in the email. + */ + $content = apply_filters( 'user_password_change_email_content', $email_text ); + + $content = str_replace( '###USERNAME###', $user['user_login'], $content ); + $content = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $content ); + $content = str_replace( '###EMAIL###', $user['user_email'], $content ); + $content = str_replace( '###SITENAME###', get_option( 'blogname' ), $content ); + $content = str_replace( '###SITEURL###', get_option( 'siteurl' ), $content ); + + wp_mail( $user['user_email'], sprintf( __( '[%s] Notice of Password Change' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content ); } - wp_cache_delete($user[ 'user_email' ], 'useremail'); + if ( $user['user_email'] !== $userdata['user_email'] ) { + $email_text = __( 'Howdy ###USERNAME###, + +This notice confirms that your email was changed on ###SITENAME###. + +If you did not change your email, please contact the Site Administrator at +###ADMIN_EMAIL### + +This email has been sent to ###EMAIL### + +Regards, +All at ###SITENAME### +###SITEURL###' ); + + /** + * Filter the email text sent when the user's email is changed. + * + * The following strings have a special meaning and will get replaced dynamically: + * ###USERNAME### The current user's username. + * ###ADMIN_EMAIL### The link to click on to confirm the email change. + * ###EMAIL### The new email. + * ###SITENAME### The name of the site. + * ###SITEURL### The URL to the site. + * + * @since 4.3 + * + * @param string $email_text Text in the email. + */ + $content = apply_filters( 'user_email_change_email_content', $email_text ); + + $content = str_replace( '###USERNAME###', $user['user_login'], $content ); + $content = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $content ); + $content = str_replace( '###EMAIL###', $user['user_email'], $content ); + $content = str_replace( '###SITENAME###', get_option( 'blogname' ), $content ); + $content = str_replace( '###SITEURL###', get_option( 'siteurl' ), $content ); + + wp_mail( $user['user_email'], sprintf( __( '[%s] Notice of Email Change' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content ); + } // Merge old and new fields with new fields overwriting old ones. - $userdata = array_merge($user, $userdata); + $userdata = array_merge( $user, $userdata ); $user_id = wp_insert_user($userdata); // Update the cookies if the password changed.