From 6064924c18df198298372a0dea3245d375c2cd78 Mon Sep 17 00:00:00 2001
From: Boone Gorges <boonebgorges@git.wordpress.org>
Date: Mon, 14 Sep 2015 02:44:41 +0000
Subject: [PATCH] Send password-change email notifications via hook.

`wp_password_change_notification()` is now called at the 'after_password_reset'
action, rather than being invoked directly from the `reset_password()` function.

In order to make it possible to call `wp_password_change_notification()` as a
`do_action()` callback, the function signature has to be changed so that the
`$user` parameter is expected to be a value rather than a reference. Since
PHP 5.0, objects are passed by reference, so `&$user` was unnecessary anyway.

Props dshanske, thomaswm.
See #33587.

git-svn-id: https://develop.svn.wordpress.org/trunk@34107 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/default-filters.php |  1 +
 src/wp-includes/pluggable.php       |  4 ++--
 src/wp-includes/user-functions.php  | 10 +++++++++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/wp-includes/default-filters.php b/src/wp-includes/default-filters.php
index 8ce3660f43..3d3c2f044f 100644
--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@@ -337,6 +337,7 @@ add_action( 'wp_split_shared_term_batch', '_wp_batch_split_terms' );
 // Email notifications.
 add_action( 'comment_post', 'wp_new_comment_notify_moderator', 10, 2 );
 add_action( 'comment_post', 'wp_new_comment_notify_postauthor' );
+add_action( 'after_password_reset', 'wp_password_change_notification' );
 
 /**
  * Filters formerly mixed into wp-includes
diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index a0deef1dc2..d1a3dfe9ff 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1667,9 +1667,9 @@ if ( !function_exists('wp_password_change_notification') ) :
  *
  * @since 2.7.0
  *
- * @param object $user User Object
+ * @param WP_User $user User object.
  */
-function wp_password_change_notification(&$user) {
+function wp_password_change_notification( $user ) {
 	// send a copy of password change notification to the admin
 	// but check to see if it's the admin whose password we're changing, and skip this
 	if ( 0 !== strcasecmp( $user->user_email, get_option( 'admin_email' ) ) ) {
diff --git a/src/wp-includes/user-functions.php b/src/wp-includes/user-functions.php
index 762e54e6d9..1feac3be04 100644
--- a/src/wp-includes/user-functions.php
+++ b/src/wp-includes/user-functions.php
@@ -1916,7 +1916,15 @@ function reset_password( $user, $new_pass ) {
 	wp_set_password( $new_pass, $user->ID );
 	update_user_option( $user->ID, 'default_password_nag', false, true );
 
-	wp_password_change_notification( $user );
+	/**
+	 * Fires after the user's password is reset.
+	 *
+	 * @since 4.4.0
+	 *
+	 * @param object $user     The user.
+	 * @param string $new_pass New user password.
+	 */
+	do_action( 'after_password_reset', $user, $new_pass );
 }
 
 /**