vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2025-10-16 12:05:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Users: Only include the IP address in password reset email if the user is not logged in.

Browse Source 
This avoids unnecessarily disclosing the IP address when sending a password reset link to another user from the admin.

Follow-up to [49255], [50129].

Props carike, audrasjb, gmariani405, Ipstenu.
See #34281.

git-svn-id: https://develop.svn.wordpress.org/trunk@50422 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2021-02-23 20:06:40 +00:00
parent 1b2ec3ecc7
commit 1926a14489
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/wp-includes/user.php
View File

@ -2773,13 +2773,15 @@ function retrieve_password( $user_login = null ) {
$message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
$message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user_login ), 'login' ) . "\r\n\r\n";
$requester_ip = $_SERVER['REMOTE_ADDR'];
if ( $requester_ip ) {
$message .= sprintf(
/* translators: %s: IP address of password reset requester. */
__( 'This password reset request originated from the IP address %s.' ),
$requester_ip
) . "\r\n";
if ( ! is_user_logged_in() ) {
$requester_ip = $_SERVER['REMOTE_ADDR'];
if ( $requester_ip ) {
$message .= sprintf(
/* translators: %s: IP address of password reset requester. */
__( 'This password reset request originated from the IP address %s.' ),
$requester_ip
) . "\r\n";
}
}
/* translators: Password reset notification email subject. %s: Site title. */