diff --git a/wp-admin/includes/class-wp-users-list-table.php b/wp-admin/includes/class-wp-users-list-table.php index 593479abc0..43abd608ae 100644 --- a/wp-admin/includes/class-wp-users-list-table.php +++ b/wp-admin/includes/class-wp-users-list-table.php @@ -502,6 +502,7 @@ class WP_Users_List_Table extends WP_List_Table { // Add a link to send the user a reset password link by email. if ( get_current_user_id() !== $user_object->ID && current_user_can( 'edit_user', $user_object->ID ) + && true === wp_is_password_reset_allowed_for_user( $user_object ) ) { $actions['resetpassword'] = "" . __( 'Send password reset' ) . ''; } diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php index cf748f462d..bd0e787964 100644 --- a/wp-admin/user-edit.php +++ b/wp-admin/user-edit.php @@ -681,7 +681,7 @@ switch ( $action ) { - + diff --git a/wp-includes/user.php b/wp-includes/user.php index 8e230708e4..d6bda7af47 100644 --- a/wp-includes/user.php +++ b/wp-includes/user.php @@ -2897,25 +2897,11 @@ function get_password_reset_key( $user ) { */ do_action( 'retrieve_password', $user->user_login ); - $allow = true; - if ( is_multisite() && is_user_spammy( $user ) ) { - $allow = false; - } - - /** - * Filters whether to allow a password to be reset. - * - * @since 2.7.0 - * - * @param bool $allow Whether to allow the password to be reset. Default true. - * @param int $user_id The ID of the user attempting to reset a password. - */ - $allow = apply_filters( 'allow_password_reset', $allow, $user->ID ); - - if ( ! $allow ) { + $password_reset_allowed = wp_is_password_reset_allowed_for_user( $user ); + if ( ! $password_reset_allowed ) { return new WP_Error( 'no_password_reset', __( 'Password reset is not allowed for this user' ) ); - } elseif ( is_wp_error( $allow ) ) { - return $allow; + } elseif ( is_wp_error( $password_reset_allowed ) ) { + return $password_reset_allowed; } // Generate something random for a password reset key. @@ -5037,3 +5023,35 @@ function wp_register_persisted_preferences_meta() { function wp_cache_set_users_last_changed() { wp_cache_set_last_changed( 'users' ); } + +/** + * Checks if password reset is allowed for a specific user. + * + * @since 6.3.0 + * + * @param int|WP_User $user The user to check. + * @return bool|WP_Error True if allowed, false or WP_Error otherwise. + */ +function wp_is_password_reset_allowed_for_user( $user ) { + if ( ! is_object( $user ) ) { + $user = get_userdata( $user ); + } + + if ( ! $user || ! $user->exists() ) { + return false; + } + $allow = true; + if ( is_multisite() && is_user_spammy( $user ) ) { + $allow = false; + } + + /** + * Filters whether to allow a password to be reset. + * + * @since 2.7.0 + * + * @param bool $allow Whether to allow the password to be reset. Default true. + * @param int $user_id The ID of the user attempting to reset a password. + */ + return apply_filters( 'allow_password_reset', $allow, $user->ID ); +} \ No newline at end of file diff --git a/wp-includes/version.php b/wp-includes/version.php index 5757d40b85..6d8ca97a6e 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.3-beta3-56149'; +$wp_version = '6.3-beta3-56150'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.