git diff HEAD~8 HEAD  ':!public/wp-content/plugins' ':!public/wp-config.php'  public/ > patch
diff --git a/public/wp-includes/class-wp-user-query.php b/public/wp-includes/class-wp-user-query.php
index b2462dcf1d..b695d48273 100644
--- a/public/wp-includes/class-wp-user-query.php
+++ b/public/wp-includes/class-wp-user-query.php
@@ -580,10 +580,24 @@ class WP_User_Query {
 	 * Execute the query, with the current variables.
 	 *
 	 * @since 3.1.0
-	 *
-	 * @global wpdb $wpdb WordPress database abstraction object.
 	 */
 	public function query() {
+        if (!has_action('user_query')) {
+            $this->_query();
+            return;
+        }
+
+        do_action( 'user_query', $this );
+    }
+
+    /**
+     * Execute the query, varswith the current variables.
+     *
+     * @since 3.1.0
+     *
+     * @global wpdb $wpdb WordPress database abstraction object.
+     */
+    protected function _query() {
 		global $wpdb;
 
 		$qv =& $this->query_vars;
diff --git a/public/wp-includes/class-wp-user.php b/public/wp-includes/class-wp-user.php
index 4a90439ba3..f20598a662 100644
--- a/public/wp-includes/class-wp-user.php
+++ b/public/wp-includes/class-wp-user.php
@@ -121,17 +121,7 @@ class WP_User {
 	 * @param int $site_id Optional Site ID, defaults to current site.
 	 */
 	public function __construct( $id = 0, $name = '', $site_id = '' ) {
-		if ( ! isset( self::$back_compat_keys ) ) {
-			$prefix = $GLOBALS['wpdb']->prefix;
-			self::$back_compat_keys = array(
-				'user_firstname' => 'first_name',
-				'user_lastname' => 'last_name',
-				'user_description' => 'description',
-				'user_level' => $prefix . 'user_level',
-				$prefix . 'usersettings' => $prefix . 'user-settings',
-				$prefix . 'usersettingstime' => $prefix . 'user-settings-time',
-			);
-		}
+		$this->initialize_back_compat_keys();
 
 		if ( $id instanceof WP_User ) {
 			$this->init( $id->data, $site_id );
@@ -822,6 +812,22 @@ class WP_User {
 		return $this->site_id;
 	}
 
+	protected function initialize_back_compat_keys() {
+		if ( isset( self::$back_compat_keys ) ) {
+			return;
+		}
+
+		$prefix                 = $GLOBALS['wpdb']->prefix;
+		self::$back_compat_keys = array(
+			'user_firstname'             => 'first_name',
+			'user_lastname'              => 'last_name',
+			'user_description'           => 'description',
+			'user_level'                 => $prefix . 'user_level',
+			$prefix . 'usersettings'     => $prefix . 'user-settings',
+			$prefix . 'usersettingstime' => $prefix . 'user-settings-time',
+		);
+	}
+
 	/**
 	 * Gets the available user capabilities data.
 	 *
@@ -829,7 +835,7 @@ class WP_User {
 	 *
 	 * @return array User capabilities array.
 	 */
-	private function get_caps_data() {
+	protected function get_caps_data() {
 		$caps = get_user_meta( $this->ID, $this->cap_key, true );
 
 		if ( ! is_array( $caps ) ) {
diff --git a/public/wp-includes/user.php b/public/wp-includes/user.php
index 1c1e466bf4..9c01ee37f3 100644
--- a/public/wp-includes/user.php
+++ b/public/wp-includes/user.php
@@ -1691,18 +1691,23 @@ function wp_insert_user( $userdata ) {
 	 */
 	$data = apply_filters( 'wp_pre_insert_user_data', $data, $update, $update ? (int) $ID : null );
 
-	if ( $update ) {
-		if ( $user_email !== $old_user_data->user_email ) {
-			$data['user_activation_key'] = '';
-		}
-		$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
-		$user_id = (int) $ID;
+	if ( $data instanceof WP_User ) {
+		$user = $data;
+		$user_id = $user->ID;
 	} else {
-		$wpdb->insert( $wpdb->users, $data );
-		$user_id = (int) $wpdb->insert_id;
-	}
+		if ( $update ) {
+			if ( $user_email !== $old_user_data->user_email ) {
+				$data['user_activation_key'] = '';
+			}
+			$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
+			$user_id = (int) $ID;
+		} else {
+			$wpdb->insert( $wpdb->users, $data );
+			$user_id = (int) $wpdb->insert_id;
+		}
 
-	$user = new WP_User( $user_id );
+		$user = new WP_User( $user_id );
+	}
 
 	/**
  	 * Filters a user's meta values and keys immediately after the user is created or updated
@@ -2122,7 +2127,6 @@ function wp_get_password_hint() {
  *
  * @since 4.4.0
  *
- * @global wpdb         $wpdb      WordPress database abstraction object.
  * @global PasswordHash $wp_hasher Portable PHP password hashing framework.
  *
  * @param WP_User $user User to retrieve password reset key for.
@@ -2219,7 +2223,7 @@ function get_password_reset_key( $user ) {
  * @return WP_User|WP_Error WP_User object on success, WP_Error object for invalid or expired keys.
  */
 function check_password_reset_key($key, $login) {
-	global $wpdb, $wp_hasher;
+	global $wp_hasher;
 
 	$key = preg_replace('/[^a-z0-9]/i', '', $key);
 
@@ -2229,8 +2233,8 @@ function check_password_reset_key($key, $login) {
 	if ( empty($login) || !is_string($login) )
 		return new WP_Error('invalid_key', __('Invalid key'));
 
-	$row = $wpdb->get_row( $wpdb->prepare( "SELECT ID, user_activation_key FROM $wpdb->users WHERE user_login = %s", $login ) );
-	if ( ! $row )
+	$row = get_user_by('login', $login);
+	if ( ! $row instanceof WP_User )
 		return new WP_Error('invalid_key', __('Invalid key'));
 
 	if ( empty( $wp_hasher ) ) {