Serious bug preventing password reset: user_activation_key is hashed as of WP3.7
See lines 338-356 of wp-login.php for the new way to create user_activation_key for password resets.
I believe this affects the multisite signup/activation process as well.
Until this bug is fixed some users may find it impossible to reset their passwords (I think if you send a password reset email via /wp-login.php and then try to send one via TML’s reset password page you can reproduce the bug and you’ll be sent the hash of a token in your email rather than the token itself).
- The topic ‘Serious bug preventing password reset: user_activation_key is hashed as of WP3.7’ is closed to new replies.