From 230301e6da9ea8ab19a90e16dcc387eb5a6aaacc Mon Sep 17 00:00:00 2001
From: Gerhard
Date: Fri, 26 Jun 2015 14:15:31 +0200
Subject: [PATCH] Don't reveal username when login failed on valid email login
---
 includes/class-wc-form-handler.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/class-wc-form-handler.php b/includes/class-wc-form-handler.php
index b1ae98824c6..a3f6c5f7ef4 100644
--- a/includes/class-wc-form-handler.php
+++ b/includes/class-wc-form-handler.php
@@ -794,7 +794,9 @@ class WC_Form_Handler {
 $user = wp_signon( apply_filters( 'woocommerce_login_credentials', $creds ), $secure_cookie );
 if ( is_wp_error( $user ) ) {
- throw new Exception( $user->get_error_message() );
+ $message = $user->get_error_message();
+ $message = str_replace( '' . esc_html( $creds['user_login'] ) . '', '' . esc_html( $_POST['username'] ) . '', $message );
+ throw new Exception( $message );
 } else {
 if ( ! empty( $_POST['redirect'] ) ) {
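Review bot: The username is hidden only if `str_replace` finds the escaped `$creds['user_login']` verbatim in the text returned by `wp_signon()`, so a translated, filtered or reformatted error message would pass through with the login name intact. Branching on `$user->get_error_code()` and throwing a message built here would not depend on that wording, and could use one generic text for unknown-account and wrong-password failures so the response does not confirm that the e-mail is registered. Separately, `$_POST['username']` is echoed back without `wp_unslash()`, so a value containing a quote or backslash is displayed with added slashes; `esc_html( wp_unslash( $_POST['username'] ) )` keeps the escaping and fixes the display. The enclosing method starts and ends outside the hunk, including the code that maps the e-mail to `$creds['user_login']`, so how the two values relate on other login paths should be checked there.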