Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#54093 reopened defect (bug)

wp_ajax_send_password_reset() calls retrieve_password() with the user_login but retrieve_password first uses email to find user

Reported by: pbearne's profile pbearne Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.9
Component: Users Keywords: has-patch
Focuses: Cc:

Description

In the function wp_ajax_send_password_reset() calls retrieve_password() with the user_login but retrieve_password first tries to use email to find user for falling back to user_login

So if there is an @ in the user_login value this is used to attempt to find user by email address as the user_login is not logged to the user_email address this fails

The fix in this patch is to always pass the email (if not empty)

Change History (3)

This ticket was mentioned in PR #1663 on WordPress/wordpress-develop by pbearne.


3 years ago
#1

  • Keywords has-patch added

#2 @SergeyBiryukov
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi there, thanks for the ticket and the PR!

We're already tracking this issue in #22367, let's continue the discussion there.

#3 @pbearne
3 years ago

  • Resolution duplicate deleted
  • Status changed from closed to reopened

@SergeyBiryukov I saw #22367 but doesn't fix the issue I fixed in this patch
I agree its a similar problem
And #22367 is 2 years old and fixed this patch can go in ahead the patch in #22367

Note: See TracTickets for help on using tickets.