Invalidate password keys when a user's email changes.

Merges [30430] to the 4.0 branch. Built from https://develop.svn.wordpress.org/branches/4.0@30431 git-svn-id: http://core.svn.wordpress.org/branches/4.0@30426 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:40:53 +00:00 · 2014-11-20 13:40:53 +00:00 · 65ac1b9a84
parent 5fcfb73bf6
commit 65ac1b9a84
1 changed files with 3 additions and 0 deletions
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@ -1818,6 +1818,9 @@ function wp_insert_user( $userdata ) {
 	$data = wp_unslash( $compacted );

 	if ( $update ) {
+		if ( $user_email !== $old_user_data->user_email ) {
+			$data['user_activation_key'] = '';
+		}
 		$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
 		$user_id = (int) $ID;
 	} else {