From e01385d2b403e1c585b3a6e705eec2747948955d Mon Sep 17 00:00:00 2001
From: Alex MacArthur
Date: Mon, 5 Feb 2018 14:28:54 -0600
Subject: [PATCH 1/4] Remove user login from reset password link.

---
 includes/class-wc-form-handler.php | 5 +++--
 .../emails/class-wc-email-customer-reset-password.php | 10 ++++++++++
 templates/emails/customer-reset-password.php | 2 +-
 templates/emails/plain/customer-reset-password.php | 2 +-
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index 785b57e4df4..2737e24d379 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -43,8 +43,9 @@ class WC_Form_Handler {
 * Remove key and login from query string, set cookie, and redirect to account page to show the form.
 */
 public static function redirect_reset_password_link() {
- if ( is_account_page() && ! empty( $_GET['key'] ) && ! empty( $_GET['login'] ) ) {
- $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
+ if ( is_account_page() && ! empty( $_GET['key'] ) && ! empty( $_GET['id'] ) ) {
+ $user_login = get_user_by('id', $_GET['id'])->user_login;
+ $value = sprintf( '%s:%s', wp_unslash( $user_login ), wp_unslash( $_GET['key'] ) );
 WC_Shortcode_My_Account::set_reset_password_cookie( $value );
 
 wp_safe_redirect( add_query_arg( 'show-reset-form', 'true', wc_lostpassword_url() ) );
diff --git a/includes/emails/class-wc-email-customer-reset-password.php b/includes/emails/class-wc-email-customer-reset-password.php
index 63e75a3fe0f..d7e1624986d 100644
--- a/includes/emails/class-wc-email-customer-reset-password.php
+++ b/includes/emails/class-wc-email-customer-reset-password.php
@@ -19,6 +19,13 @@ if ( ! class_exists( 'WC_Email_Customer_Reset_Password', false ) ) :
 */
 class WC_Email_Customer_Reset_Password extends WC_Email {
 
+ /**
+ * User ID.
+ *
+ * @var integer
+ */
+ public $user_id;
+
 /**
 * User login name.
 *
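Review bot: The added line `$user_login = get_user_by('id', $_GET['id'])->user_login;` resolves any caller-supplied id to a login and passes it to `set_reset_password_cookie()` before the key has been validated for that user, so the account endpoint now discloses the user_login behind an arbitrary id to whoever sends the request (the cookie travels back in the response even if it is HttpOnly), which the login-based link did not do because the caller had to supply the login themselves. PATCH 2/4, 3/4 and 4/4 rework this branch but keep the same id-to-login resolution, so the point applies to those hunks as well. A safer shape keeps the id opaque until verification: store the id alongside the key, and where the cookie is consumed look the user up by id and call `check_password_reset_key( $key, $user->user_login )` before any login is exposed — whether that fits depends on the cookie consumer, which is outside this hunk. The raw `$_GET['id']` is also dereferenced without checking that `get_user_by()` returned a user; later patches in this series address that. redirect_reset_password_link() continues past the hunk.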
@@ -92,6 +99,7 @@ class WC_Email_Customer_Reset_Password extends WC_Email {
 
 if ( $user_login && $reset_key ) {
 $this->object = get_user_by( 'login', $user_login );
+ $this->user_id = $this->object->ID;
 $this->user_login = $user_login;
 $this->reset_key = $reset_key;
 $this->user_email = stripslashes( $this->object->user_email );
@@ -114,6 +122,7 @@ class WC_Email_Customer_Reset_Password extends WC_Email {
 public function get_content_html() {
 return wc_get_template_html( $this->template_html, array(
 'email_heading' => $this->get_heading(),
+ 'user_id' => $this->user_id,
 'user_login' => $this->user_login,
 'reset_key' => $this->reset_key,
 'blogname' => $this->get_blogname(),
@@ -132,6 +141,7 @@ class WC_Email_Customer_Reset_Password extends WC_Email {
 public function get_content_plain() {
 return wc_get_template_html( $this->template_plain, array(
 'email_heading' => $this->get_heading(),
+ 'user_id' => $this->user_id,
 'user_login' => $this->user_login,
 'reset_key' => $this->reset_key,
 'blogname' => $this->get_blogname(),
diff --git a/templates/emails/customer-reset-password.php b/templates/emails/customer-reset-password.php
index 0d5718ff849..f1de7bf9cf0 100644
--- a/templates/emails/customer-reset-password.php
+++ b/templates/emails/customer-reset-password.php
@@ -29,7 +29,7 @@ if ( ! defined( 'ABSPATH' ) ) {
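Review bot: `$this->user_id = $this->object->ID;` reads a property off the `get_user_by( 'login', $user_login )` result without checking it; `get_user_by()` returns false for an unknown login, so this line (like the pre-existing `$this->object->user_email` below it) raises a notice and leaves `user_id` unset, and the templates that now receive `user_id` would presumably build a reset link without a usable id. Guarding the assignments, e.g. `if ( ! $this->object ) { return; }` directly after the lookup, makes that failure explicit; whether an early return is acceptable here depends on the locale setup/teardown in the rest of trigger(), which starts and ends outside the hunk. The same `user_id` is threaded through the `get_content_html()` and `get_content_plain()` hunks below, so any fix belongs at this assignment rather than in the templates.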

- +

diff --git a/templates/emails/plain/customer-reset-password.php b/templates/emails/plain/customer-reset-password.php
index ad36cb3e48e..e17dff53377 100644
--- a/templates/emails/plain/customer-reset-password.php
+++ b/templates/emails/plain/customer-reset-password.php
@@ -28,7 +28,7 @@ echo sprintf( __( 'Username: %s', 'woocommerce' ), $user_login ) . "\r\n\r\n";
 echo __( 'If this was a mistake, just ignore this email and nothing will happen.', 'woocommerce' ) . "\r\n\r\n";
 echo __( 'To reset your password, visit the following address:', 'woocommerce' ) . "\r\n\r\n";
-echo esc_url( add_query_arg( array( 'key' => $reset_key, 'login' => $user_login ), wc_get_endpoint_url( 'lost-password', '', wc_get_page_permalink( 'myaccount' ) ) ) ) . "\r\n";
+echo esc_url( add_query_arg( array( 'key' => $reset_key, 'id' => $user_id ), wc_get_endpoint_url( 'lost-password', '', wc_get_page_permalink( 'myaccount' ) ) ) ) . "\r\n";
 echo "\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\n";

From c87c5627bbfed312ce1c80d3db685b90c73c60ec Mon Sep 17 00:00:00 2001
From: Alex MacArthur
Date: Tue, 6 Feb 2018 11:24:26 -0600
Subject: [PATCH 2/4] Add fallback support for passing user_login in password reset link.

---
 includes/class-wc-form-handler.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index 2737e24d379..8df953f7f8f 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -40,14 +40,16 @@ class WC_Form_Handler {
 }
 
 /**
- * Remove key and login from query string, set cookie, and redirect to account page to show the form.
+ * Remove key and user ID (or user login, as a fallback) from query string, set cookie, and redirect to account page to show the form.
 */
 public static function redirect_reset_password_link() {
- if ( is_account_page() && ! empty( $_GET['key'] ) && ! empty( $_GET['id'] ) ) {
- $user_login = get_user_by('id', $_GET['id'])->user_login;
+ if ( is_account_page() && isset( $_GET['key'] ) && (isset( $_GET['id'] ) || isset( $_GET['login'] ) ) ) {
+
+ // If available, get $user_login from query string parameter for fallback purposes.
+ $user_login = isset($_GET['login']) ? $_GET['login'] : get_user_by('id', $_GET['id'])->user_login;
+
 $value = sprintf( '%s:%s', wp_unslash( $user_login ), wp_unslash( $_GET['key'] ) );
 WC_Shortcode_My_Account::set_reset_password_cookie( $value );
-
 wp_safe_redirect( add_query_arg( 'show-reset-form', 'true', wc_lostpassword_url() ) );
 exit;
 }

From 08982af65c84381558f6f9e674582dfcb8efed61 Mon Sep 17 00:00:00 2001
From: Alex MacArthur
Date: Wed, 14 Feb 2018 07:59:25 -0600
Subject: [PATCH 3/4] Set to empty string in case invalid ID is passed.

---
 includes/class-wc-form-handler.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index 8df953f7f8f..fe9f0cf0dee 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
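Review bot: The guard was loosened from `! empty()` to `isset()` for `key`, `id` and `login`, so a request carrying an empty `key=` or `login=` now enters the branch and a cookie with an empty component is set before the redirect, where the removed `! empty( $_GET['key'] )` form rejected it; `if ( is_account_page() && ! empty( $_GET['key'] ) && ( ! empty( $_GET['id'] ) || ! empty( $_GET['login'] ) ) ) {` keeps the old strictness. The ternary still dereferences a possibly-false `get_user_by()` result when only `id` is given, which PATCH 3/4 handles. The new comment describes the query-string login as a fallback, yet the ternary gives it precedence over `id` when both are present; either check `id` first or reword the comment to say that a legacy `login` link is honoured as-is. The method's closing brace lies past the hunk.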
@@ -43,10 +43,15 @@ class WC_Form_Handler {
 * Remove key and user ID (or user login, as a fallback) from query string, set cookie, and redirect to account page to show the form.
 */
 public static function redirect_reset_password_link() {
- if ( is_account_page() && isset( $_GET['key'] ) && (isset( $_GET['id'] ) || isset( $_GET['login'] ) ) ) {
+ if ( is_account_page() && isset( $_GET['key'] ) && ( isset( $_GET['id'] ) || isset( $_GET['login'] ) ) ) {
 
 // If available, get $user_login from query string parameter for fallback purposes.
- $user_login = isset($_GET['login']) ? $_GET['login'] : get_user_by('id', $_GET['id'])->user_login;
+ if( isset( $_GET['login'] ) ) {
+ $user_login = $_GET['login'];
+ } else {
+ $user = get_user_by( 'id', $_GET['id'] );
+ $user_login = $user ? $user->user_login : '';
+ }
 
 $value = sprintf( '%s:%s', wp_unslash( $user_login ), wp_unslash( $_GET['key'] ) );
 WC_Shortcode_My_Account::set_reset_password_cookie( $value );

From 870338ee5dd349e42c59eac1602c9f18abc6bc9a Mon Sep 17 00:00:00 2001
From: Alex MacArthur
Date: Thu, 22 Feb 2018 07:01:49 -0600
Subject: [PATCH 4/4] Make compliant w/ coding standards, sanitize ID.

---
 includes/class-wc-form-handler.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index fe9f0cf0dee..5a812b97e5d 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -46,10 +46,10 @@ class WC_Form_Handler {
 if ( is_account_page() && isset( $_GET['key'] ) && ( isset( $_GET['id'] ) || isset( $_GET['login'] ) ) ) {
 
 // If available, get $user_login from query string parameter for fallback purposes.
- if( isset( $_GET['login'] ) ) {
+ if ( isset( $_GET['login'] ) ) {
 $user_login = $_GET['login'];
 } else {
- $user = get_user_by( 'id', $_GET['id'] );
+ $user = get_user_by( 'id', absint( $_GET['id'] ) );
 $user_login = $user ? $user->user_login : '';
 }
 
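Review bot: When `id` does not resolve to a user, the new else-branch sets `$user_login = ''` and execution still reaches the `sprintf` and `set_reset_password_cookie()` lines at the end of the hunk (and the redirect just past it), so an unknown id writes a cookie of the form `:KEY` and bounces the visitor to the reset form rather than stopping. If the aim is only to avoid the fatal on a false `get_user_by()` result, an explicit `return;` in that branch (no cookie, no redirect) states the intent more clearly than an empty login; if the downstream key check is meant to surface the error instead, the comment above should say so. PATCH 4/4's hunk on the same lines (`absint()` on `id`, spacing) does not change this behaviour. The remainder of redirect_reset_password_link() is outside the hunk.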