[wp-trac] [WordPress Trac] #25853: Changeset 25696 breaks expected value of argument sent to filter 'retrieve_password_message'
WordPress Trac
noreply at wordpress.org
Wed Nov 6 23:20:16 UTC 2013
#25853: Changeset 25696 breaks expected value of argument sent to filter
'retrieve_password_message'
--------------------------+-----------------------------
Reporter: dcavins | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.7.1
Severity: minor | Keywords:
--------------------------+-----------------------------
In changeset 25696 to wp-login.php, the function 'retrieve_password' was
changed to hash the generated key about line 350:
{{{$hashed = $wp_hasher->HashPassword( $key );}}}
However, the filter 'retrieve_password_message' is still sending $key as
an argument, line 385
{{{$message = apply_filters( 'retrieve_password_message', $message, $key
);}}}
So any existing filters are no longer receiving the value stored in the
database (which matters because filtering 'retrieve_password_message'
almost has to include a search on that value to get the requestor's
user_login, which is required for the password reset link to work).
A simple fix is changing line 385 to
{{{$message = apply_filters( 'retrieve_password_message', $message,
$hashed );}}}
Thanks for the great software!
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25853>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list