Invalidate password keys when a user's email changes.

Merges [30430] to the 3.7 branch. Built from https://develop.svn.wordpress.org/branches/3.7@30434 git-svn-id: http://core.svn.wordpress.org/branches/3.7@30429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:43:09 +00:00 · 2014-11-20 13:43:09 +00:00 · c2b7538b1c
parent eeb9290b3b
commit c2b7538b1c
1 changed files with 3 additions and 0 deletions
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@ -1415,6 +1415,9 @@ function wp_insert_user( $userdata ) {
 	$data = wp_unslash( $data );

 	if ( $update ) {
+		if ( $user_email !== $old_user_data->user_email ) {
+			$data['user_activation_key'] = '';
+		}
 		$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
 		$user_id = (int) $ID;
 	} else {