Get WordPress

Make WordPress Core

Changeset 56150

Timestamp:
07/06/2023 12:45:45 PM (13 months ago)
Author:
audrasjb
Message:

Users: Remove password reset links when the feature is not allowed for a specific user.

This also introduces wp_is_password_reset_allowed_for_user() which returns false when password reset is not allowed for a specific user. This can be
filtered by developers using the existing allow_password_reset hook.

Props ocean90, cshark, robinwpdeveloper, tahmina1du, kraftbj.
Fixes #58194.

Location:
trunk/src
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-admin/includes/class-wp-users-list-table.php

    r55971 r56150  
    503503            if ( get_current_user_id() !== $user_object->ID
    504504                && current_user_can( 'edit_user', $user_object->ID )
     505
    505506            ) {
    506507                $actions['resetpassword'] = "<a class='resetpassword' href='" . wp_nonce_url( "users.php?action=resetpassword&amp;users=$user_object->ID", 'bulk-users' ) . "'>" . __( 'Send password reset' ) . '</a>';

  • trunk/src/wp-admin/user-edit.php

    r56008 r56150  
    682682
    683683                            <?php // Allow admins to send reset password link. ?>
    684                             <?php if ( ! IS_PROFILE_PAGE ) : ?>
     684                            <?php if ( ! IS_PROFILE_PAGE ) : ?>
    685685                                <tr class="user-generate-reset-link-wrap hide-if-no-js">
    686686                                    <th><?php _e( 'Password Reset' ); ?></th>

  • trunk/src/wp-includes/user.php

    r56071 r56150  
    28982898    do_action( 'retrieve_password', $user->user_login );
    28992899
    2900     $allow = true;
    2901     if ( is_multisite() && is_user_spammy( $user ) ) {
    2902         $allow = false;
    2903     }
    2904 
    2905     /**
    2906      * Filters whether to allow a password to be reset.
    2907      *
    2908      * @since 2.7.0
    2909      *
    2910      * @param bool $allow   Whether to allow the password to be reset. Default true.
    2911      * @param int  $user_id The ID of the user attempting to reset a password.
    2912      */
    2913     $allow = apply_filters( 'allow_password_reset', $allow, $user->ID );
    2914 
    2915     if ( ! $allow ) {
     2900    $password_reset_allowed = wp_is_password_reset_allowed_for_user( $user );
     2901    if ( ! $password_reset_allowed ) {
    29162902        return new WP_Error( 'no_password_reset', __( 'Password reset is not allowed for this user' ) );
    2917     } elseif ( is_wp_error( $allow ) ) {
    2918         return $allow;
     2903    } elseif ( is_wp_error( $ ) ) {
     2904        return $;
    29192905    }
    29202906
     
    50385024    wp_cache_set_last_changed( 'users' );
    50395025}
     5026
     5027
     5028
     5029
     5030
     5031
     5032
     5033
     5034
     5035
     5036
     5037
     5038
     5039
     5040
     5041
     5042
     5043
     5044
     5045
     5046
     5047
     5048
     5049
     5050
     5051
     5052
     5053
     5054
     5055
     5056
     5057
Note: See TracChangeset for help on using the changeset viewer.