Opened 3 years ago
Last modified 3 years ago
#54093 reopened defect (bug)
wp_ajax_send_password_reset() calls retrieve_password() with the user_login but retrieve_password first uses email to find user
Reported by: | pbearne | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 5.9 |
Component: | Users | Keywords: | has-patch |
Focuses: | Cc: |
Description
In the function wp_ajax_send_password_reset() calls retrieve_password() with the user_login but retrieve_password first tries to use email to find user for falling back to user_login
So if there is an @ in the user_login value this is used to attempt to find user by email address as the user_login is not logged to the user_email address this fails
The fix in this patch is to always pass the email (if not empty)
Change History (3)
This ticket was mentioned in PR #1663 on WordPress/wordpress-develop by pbearne.
3 years ago
#1
- Keywords has-patch added
Note: See
TracTickets for help on using
tickets.
Trac ticket: https://core.trac.wordpress.org/ticket/54093