[wp-trac] [WordPress Trac] #54093: wp_ajax_send_password_reset() calls retrieve_password() with the user_login but retrieve_password first uses email to find user
WordPress Trac
noreply at wordpress.org
Wed Sep 8 20:02:49 UTC 2021
#54093: wp_ajax_send_password_reset() calls retrieve_password() with the user_login
but retrieve_password first uses email to find user
--------------------------+-----------------------------
Reporter: pbearne | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
In the function wp_ajax_send_password_reset() calls retrieve_password()
with the user_login but retrieve_password first tries to use email to find
user for falling back to user_login
So if there is an @ in the user_login value this is used to attempt to
find user by email address as the user_login is not logged to the
user_email address this fails
The fix in this patch is to always pass the email (if not empty)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54093>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list