summaryrefslogtreecommitdiffstats
path: root/wp-includes/user.php
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--wp-includes/user.php14
1 files changed, 11 insertions, 3 deletions
diff --git a/wp-includes/user.php b/wp-includes/user.php
index 5b9dacc..301e8f0 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -333,6 +333,7 @@ function wp_authenticate_application_password( $input_user, $username, $password
return $input_user;
}
+ // The 'REST_REQUEST' check here may happen too early for the constant to be available.
$is_api_request = ( ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) );
/**
@@ -2095,6 +2096,9 @@ function wp_insert_user( $userdata ) {
return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) );
}
+ // Slash current user email to compare it later with slashed new user email.
+ $old_user_data->user_email = wp_slash( $old_user_data->user_email );
+
// Hashed in wp_update_user(), plaintext if called directly.
$user_pass = ! empty( $userdata['user_pass'] ) ? $userdata['user_pass'] : $old_user_data->user_pass;
} else {
@@ -2875,7 +2879,7 @@ function wp_get_password_hint() {
*
* @since 4.4.0
*
- * @global PasswordHash $wp_hasher Portable PHP password hashing framework.
+ * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
*
* @param WP_User $user User to retrieve password reset key for.
* @return string|WP_Error Password reset key on success. WP_Error on error.
@@ -3047,8 +3051,8 @@ function check_password_reset_key( $key, $login ) {
* @since 2.5.0
* @since 5.7.0 Added `$user_login` parameter.
*
- * @global wpdb $wpdb WordPress database abstraction object.
- * @global PasswordHash $wp_hasher Portable PHP password hashing framework.
+ * @global wpdb $wpdb WordPress database abstraction object.
+ * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
*
* @param string $user_login Optional. Username to send a password retrieval email for.
* Defaults to `$_POST['user_login']` if not set.
@@ -4817,6 +4821,8 @@ All at ###SITENAME###
*
* @since 4.9.6
*
+ * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
+ *
* @param int $request_id Request ID.
* @return string Confirmation key.
*/
@@ -4848,6 +4854,8 @@ function wp_generate_user_request_key( $request_id ) {
*
* @since 4.9.6
*
+ * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
+ *
* @param string $request_id ID of the request being confirmed.
* @param string $key Provided key to validate.
* @return true|WP_Error True on success, WP_Error on failure.