WC_Form_Handler::redirect_reset_password_link()

Remove key and user ID (or user login, as a fallback) from query string, set cookie, and redirect to account page to show the form.

Contents

Description Description

Source Source

File: includes/class-wc-form-handler.php 

	public static function redirect_reset_password_link() {
		if ( is_account_page() && isset( $_GET['key'] ) && ( isset( $_GET['id'] ) || isset( $_GET['login'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended

			// If available, get $user_id from query string parameter for fallback purposes.
			if ( isset( $_GET['login'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
				$user    = get_user_by( 'login', sanitize_user( wp_unslash( $_GET['login'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
				$user_id = $user ? $user->ID : 0;
			} else {
				$user_id = absint( $_GET['id'] );
			}

			$value = sprintf( '%d:%s', $user_id, wp_unslash( $_GET['key'] ) ); // phpcs:ignore
			WC_Shortcode_My_Account::set_reset_password_cookie( $value );
			wp_safe_redirect( add_query_arg( 'show-reset-form', 'true', wc_lostpassword_url() ) );
			exit;
		}
	}

Expand full source code Collapse full source code

Top ↑

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.