From e8ea407eb6b7dd4b31926bf8fdb3b2f0e6d5e673 Mon Sep 17 00:00:00 2001
From: Andrew Nacin <wp@andrewnacin.com>
Date: Thu, 20 Nov 2014 13:42:16 +0000
Subject: [PATCH] Invalidate password keys when a user's email changes.

Merges [30430] to the 3.9 branch.

Built from https://develop.svn.wordpress.org/branches/3.9@30432


git-svn-id: http://core.svn.wordpress.org/branches/3.9@30427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/user.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wp-includes/user.php b/wp-includes/user.php
index 5a9dc466ac..bba2f0086e 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -1716,6 +1716,9 @@ function wp_insert_user( $userdata ) {
 	$data = wp_unslash( $data );
 
 	if ( $update ) {
+		if ( $user_email !== $old_user_data->user_email ) {
+			$data['user_activation_key'] = '';
+		}
 		$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
 		$user_id = (int) $ID;
 	} else {