WordPress.org

Make WordPress Core

Changeset 34116


Ignore:
Timestamp:
09/14/2015 12:42:34 PM (5 years ago)
Author:
ocean90
Message:

Passwords: Deprecate second parameter of wp_new_user_notification().

The second parameter $plaintext_pass was removed in [33023] and restored as $notify in [33620] with a different behavior. If you have a plugin overriding wp_new_user_notification() which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.

Adds unit tests.

Props kraftbj, adamsilverstein, welcher, ocean90.
Fixes #33654.

(Don't ask for new pluggables kthxbye)

Location:
trunk
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/user.php

    r34034 r34116  
    177177    } else {
    178178        $user_id = wp_insert_user( $user );
    179         wp_new_user_notification( $user_id, 'both' );
     179        wp_new_user_notification( $user_id, null, 'both' );
    180180    }
    181181    return $user_id;
  • trunk/src/wp-admin/network/site-new.php

    r34059 r34116  
    9595            wp_die( __( 'There was an error creating the user.' ) );
    9696        else
    97             wp_new_user_notification( $user_id, 'both' );
     97            wp_new_user_notification( $user_id, null, 'both' );
    9898    }
    9999
  • trunk/src/wp-admin/network/site-users.php

    r33921 r34116  
    7878                    $update = 'err_new_dup';
    7979                } else {
    80                     wp_new_user_notification( $user_id, 'both' );
     80                    wp_new_user_notification( $user_id, null, 'both' );
    8181                    add_user_to_blog( $id, $user_id, $_POST['new_role'] );
    8282                    $update = 'newuser';
  • trunk/src/wp-admin/network/user-new.php

    r34059 r34116  
    5252            $add_user_errors = new WP_Error( 'add_user_fail', __( 'Cannot add user.' ) );
    5353        } else {
    54             wp_new_user_notification( $user_id, 'both' );
     54            wp_new_user_notification( $user_id, null, 'both' );
    5555            wp_redirect( add_query_arg( array('update' => 'added'), 'user-new.php' ) );
    5656            exit;
  • trunk/src/wp-includes/pluggable.php

    r34107 r34116  
    16911691 * @since 2.0.0
    16921692 * @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`.
     1693 * @since 4.3.1 The `$plaintext_pass` parameter was deprecated. `$notify` added as a third parameter.
    16931694 *
    16941695 * @global wpdb         $wpdb      WordPress database object for queries.
    16951696 * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
    16961697 *
    1697  * @param int    $user_id User ID.
    1698  * @param string $notify  Optional. Type of notification that should happen. Accepts 'admin' or an empty
    1699  *                        string (admin only), or 'both' (admin and user). The empty string value was kept
    1700  *                        for backward-compatibility purposes with the renamed parameter. Default empty.
    1701  */
    1702 function wp_new_user_notification( $user_id, $notify = '' ) {
     1698 * @param int    $user_id    User ID.
     1699 * @param null   $deprecated Not used (argument deprecated).
     1700 * @param string $notify     Optional. Type of notification that should happen. Accepts 'admin' or an empty
     1701 *                           string (admin only), or 'both' (admin and user). The empty string value was kept
     1702 *                           for backward-compatibility purposes with the renamed parameter. Default empty.
     1703 */
     1704function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) {
     1705    if ( $deprecated !== null ) {
     1706        _deprecated_argument( __FUNCTION__, '4.3.1' );
     1707    }
     1708
    17031709    global $wpdb, $wp_hasher;
    17041710    $user = get_userdata( $user_id );
  • trunk/src/wp-includes/user-functions.php

    r34107 r34116  
    20132013    update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
    20142014
    2015     wp_new_user_notification( $user_id, 'both' );
     2015    wp_new_user_notification( $user_id, null, 'both' );
    20162016
    20172017    return $user_id;
  • trunk/tests/phpunit/tests/user.php

    r34033 r34116  
    680680    }
    681681
     682    /**
     683     * Testing wp_new_user_notification email statuses.
     684     *
     685     * @dataProvider data_wp_new_user_notifications
     686     * @ticket 33654
     687     */
     688    function test_wp_new_user_notification( $notify, $admin_email_sent_expected, $user_email_sent_expected ) {
     689        unset( $GLOBALS['phpmailer']->mock_sent );
     690
     691        $was_admin_email_sent = false;
     692        $was_user_email_sent = false;
     693
     694        $user = $this->factory->user->create( $this->user_data );
     695
     696        wp_new_user_notification( $user, null, $notify );
     697
     698        /*
     699         * Check to see if a notification email was sent to the
     700         * post author `blackburn@battlefield3.com` and and site admin `admin@example.org`.
     701         */
     702        if ( ! empty( $GLOBALS['phpmailer']->mock_sent ) ) {
     703            $was_admin_email_sent = ( isset( $GLOBALS['phpmailer']->mock_sent[0] ) && WP_TESTS_EMAIL == $GLOBALS['phpmailer']->mock_sent[0]['to'][0][0] );
     704            $was_user_email_sent = ( isset( $GLOBALS['phpmailer']->mock_sent[1] ) && 'blackburn@battlefield3.com' == $GLOBALS['phpmailer']->mock_sent[1]['to'][0][0] );
     705        }
     706
     707        $this->assertSame( $admin_email_sent_expected, $was_admin_email_sent, 'Admin email result was not as expected in test_wp_new_user_notification' );
     708        $this->assertSame( $user_email_sent_expected , $was_user_email_sent, 'User email result was not as expected in test_wp_new_user_notification' );
     709    }
     710
     711    /**
     712     * Data provider for test_wp_new_user_notification().
     713     *
     714     * Passes the three available options for the $notify parameter and the expected email
     715     * emails sent status as a bool.
     716     *
     717     * @return array {
     718     *     @type array {
     719     *         @type string $post_args               The arguments that will merged with the $_POST array.
     720     *         @type bool $admin_email_sent_expected The expected result of whether an email was sent to the admin.
     721     *         @type bool $user_email_sent_expected  The expected result of whether an email was sent to the user.
     722     *     }
     723     * }
     724     */
     725    function data_wp_new_user_notifications() {
     726        return array(
     727            array(
     728                '',
     729                true,
     730                false,
     731            ),
     732            array(
     733                'admin',
     734                true,
     735                false,
     736            ),
     737            array(
     738                'both',
     739                true,
     740                true,
     741            ),
     742        );
     743    }
     744
     745    /**
     746     * Set up a user and try sending a notification using the old, deprecated
     747     * function signature `wp_new_user_notification( $user, 'plaintext_password' );`.
     748     *
     749     * @ticket 33654
     750     * @expectedDeprecated wp_new_user_notification
     751     */
     752    function test_wp_new_user_notification_old_signature_throws_deprecated_warning() {
     753        $user = $this->factory->user->create(
     754            array(
     755                'role'       => 'author',
     756                'user_login' => 'test_wp_new_user_notification',
     757                'user_pass'  => 'password',
     758                'user_email' => 'test@test.com',
     759            )
     760        );
     761
     762        wp_new_user_notification( $user, 'this_is_deprecated' );
     763    }
    682764}
Note: See TracChangeset for help on using the changeset viewer.