Opened 3 years ago
Last modified 2 years ago
#15115 new defect (bug)
if filter show_password_field is set to false, you cannot add new users
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Future Release |
| Component: | Users | Version: | 3.0.1 |
| Severity: | minor | Keywords: | has-patch |
| Cc: |
Description
Steps to reproduce:
- add_filter('show_password_fields', false);
- Try to add a new user, after entering the data you get the error message "ERROR: Please enter your password.".
Attachments (1)
Change History (4)
comment:1
coffee2code
— 2 years ago
- Keywords has-patch added
- Severity changed from major to minor
comment:2
pampfelimetten
— 2 years ago
Well, I've discovered the bug because I wanted to use the filter, and there are scenarios where it can be useful. Removing it wasn't my intent at all, I'd rather like to see it improved.
What I want to do: We have a pretty big cms-like installation with 1000s of users. There is an intermediate management level between the admins and the authors, which are station managers, who can add new users to their station (of which we have about 15). But to keep it as simple as possible, we want to autogenerate the password which is sent to the new user, so we want to disable the password input field for the stationmanagers.
Maybe it would be a good idea to use different filters for users-new.php and user-edit.php? And of course fix the issue that using the filter prevents the user-new to function at all, as I've described in the ticket description.
This is true. As the OP states, disabling display of password fields via
causes the password fields not to be shown on the user creation admin form (http://example.com/wp-admin/user-new.php).
My understanding of the filter's purpose is to make it possible to prevent users from using the profile form to change their password. This situation is indeed covered by the application of this filter in wp-admin/user-edit.php. The application of this filter in wp-admin/user-new.php does not seem appropriate (no sense in creating a user if you can't supply their password).
Attached is a patch, 15115.diff, which removes the filter from the user creation form.
Relatedly (though separate ticket at best): should those with create_users capability not have this filter applied to them at all? That way admins would always be able to edit user passwords. (Of course, this could be implemented via a plugin or the code adding the filter in the first place.)