Users: Fetch user by login in `retrieve_password()` if not found by email.

This ensures that sending a password reset link works as expected if the user's login and email were initially the same, but the email address was subsequently updated and no longer matches the login, which is still set to the old address.

Follow-up to [6643], [18513], [19056], [37474], [50129], [50140].

Props donmhico, pbearne, azouamauriac, boblindner, daxelrod, audrasjb, SergeyBiryukov.
Fixes #53634.
Built from https://develop.svn.wordpress.org/trunk@54477


git-svn-id: http://core.svn.wordpress.org/trunk@54036 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2022-10-11 13:45:13 +00:00
parent c985972791
commit 13cca70167
2 changed files with 10 additions and 3 deletions

View File

@ -3038,15 +3038,22 @@ function retrieve_password( $user_login = null ) {
$user_login = $_POST['user_login'];
}
$user_login = trim( wp_unslash( $user_login ) );
if ( empty( $user_login ) ) {
$errors->add( 'empty_username', __( '<strong>Error:</strong> Please enter a username or email address.' ) );
} elseif ( strpos( $user_login, '@' ) ) {
$user_data = get_user_by( 'email', trim( wp_unslash( $user_login ) ) );
$user_data = get_user_by( 'email', $user_login );
if ( empty( $user_data ) ) {
$user_data = get_user_by( 'login', $user_login );
}
if ( empty( $user_data ) ) {
$errors->add( 'invalid_email', __( '<strong>Error:</strong> There is no account with that username or email address.' ) );
}
} else {
$user_data = get_user_by( 'login', trim( wp_unslash( $user_login ) ) );
$user_data = get_user_by( 'login', $user_login );
}
/**

View File

@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
$wp_version = '6.1-beta3-54476';
$wp_version = '6.1-beta3-54477';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.