10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

- fixed password reset url for the approved user who didn't set their password after registration without password; reset URL hash has been generated twice and we have wrong hash in reset password email.

Browse Source
This commit is contained in:
Mykyta Synelnikov
2024-02-22 22:01:07 +02:00
parent 00e28c27da
commit 042dc6e320
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/core/class-mail.php
+4 -4
View File
@@ -351,8 +351,8 @@ if ( ! class_exists( 'um\core\Mail' ) ) {
*/
$message = apply_filters( 'um_email_send_message_content', $message, $slug, $args );
add_filter( 'um_template_tags_patterns_hook', array( &$this, 'add_placeholder' ) );
add_filter( 'um_template_tags_replaces_hook', array( &$this, 'add_replace_placeholder' ) );
// add_filter( 'um_template_tags_patterns_hook', array( &$this, 'add_placeholder' ) );
// add_filter( 'um_template_tags_replaces_hook', array( &$this, 'add_replace_placeholder' ) );
// Convert tags in email template.
return um_convert_tags( $message, $args );
@@ -421,8 +421,8 @@ if ( ! class_exists( 'um\core\Mail' ) ) {
$mail_from_addr = UM()->options()->get( 'mail_from_addr' ) ? UM()->options()->get( 'mail_from_addr' ) : get_bloginfo( 'admin_email' );
$this->headers = 'From: ' . stripslashes( $mail_from ) . ' <' . $mail_from_addr . '>' . "\r\n";
add_filter( 'um_template_tags_patterns_hook', array( UM()->mail(), 'add_placeholder' ) );
add_filter( 'um_template_tags_replaces_hook', array( UM()->mail(), 'add_replace_placeholder' ) );
add_filter( 'um_template_tags_patterns_hook', array( $this, 'add_placeholder' ) );
add_filter( 'um_template_tags_replaces_hook', array( $this, 'add_replace_placeholder' ) );
/**
* Filters email notification subject.
includes/core/class-password.php
+9 -4
View File
@@ -38,20 +38,25 @@ if ( ! class_exists( 'um\core\Password' ) ) {
*
* @return bool|string
*/
function reset_url() {
public function reset_url() {
static $reset_key = null;
$user_id = um_user( 'ID' );
delete_option( "um_cache_userdata_{$user_id}" );
//new reset password key via WordPress native field. It maybe already exists here but generated twice to make sure that emailed with a proper and fresh hash
// New reset password key via WordPress native field. It maybe already exists here but generated twice to make sure that emailed with a proper and fresh hash.
// But doing that only once in 1 request using static variable. Different email placeholders can use reset_url() and we have to use 1 time generated to avoid invalid keys.
$user_data = get_userdata( $user_id );
$key = UM()->user()->maybe_generate_password_reset_key( $user_data );
if ( empty( $reset_key ) ) {
$reset_key = UM()->user()->maybe_generate_password_reset_key( $user_data );
}
// this link looks like WordPress native link e.g. wp-login.php?action=rp&key={hash}&login={user_login}
$url = add_query_arg(
array(
'act' => 'reset_password',
'hash' => $key,
'hash' => $reset_key,
'login' => $user_data->user_login,
),
um_get_core_page( 'password-reset' )