WC_Form_Handler::redirect_reset_password_link()
Remove key and user ID (or user login, as a fallback) from query string, set cookie, and redirect to account page to show the form.
Description Description
Source Source
File: includes/class-wc-form-handler.php
public static function redirect_reset_password_link() { if ( is_account_page() && isset( $_GET['key'] ) && ( isset( $_GET['id'] ) || isset( $_GET['login'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended // If available, get $user_id from query string parameter for fallback purposes. if ( isset( $_GET['login'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended $user = get_user_by( 'login', sanitize_user( wp_unslash( $_GET['login'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended $user_id = $user ? $user->ID : 0; } else { $user_id = absint( $_GET['id'] ); } $value = sprintf( '%d:%s', $user_id, wp_unslash( $_GET['key'] ) ); // phpcs:ignore WC_Shortcode_My_Account::set_reset_password_cookie( $value ); wp_safe_redirect( add_query_arg( 'show-reset-form', 'true', wc_lostpassword_url() ) ); exit; } }