
Changeset 34118


Timestamp:
09/14/2015 01:02:03 PM (9 years ago)
Author:
ocean90
Message:

Passwords: Deprecate second parameter of wp_new_user_notification().

The second parameter $plaintext_pass was removed in [33023] and restored as $notify in [33620] with a different behavior. If you have a plugin overriding wp_new_user_notification() which hasn't been updated you would get a notification with your username and the password "both".
To prevent this the second parameter is now deprecated and reintroduced as the third parameter.

Adds unit tests.

Merge of [34116] to the 4.3 branch.

Props kraftbj, adamsilverstein, welcher, ocean90.
See #33654.

Location:
branches/4.3
Files:
7 edited

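--- a/branches/4.3/src/wp-admin/includes/user.php
+++ b/branches/4.3/src/wp-admin/includes/user.php
@@ -177,5 +177,5 @@
     } else {
         $user_id = wp_insert_user( $user );
-        wp_new_user_notification( $user_id, 'both' );
+        wp_new_user_notification( $user_id, null, 'both' );
     }
     return $user_id;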
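--- a/branches/4.3/src/wp-admin/network/site-new.php
+++ b/branches/4.3/src/wp-admin/network/site-new.php
@@ -80,5 +80,5 @@
             wp_die( __( 'There was an error creating the user.' ) );
         else
-            wp_new_user_notification( $user_id, 'both' );
+            wp_new_user_notification( $user_id, null, 'both' );
     }
 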
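--- a/branches/4.3/src/wp-admin/network/site-users.php
+++ b/branches/4.3/src/wp-admin/network/site-users.php
@@ -78,5 +78,5 @@
                     $update = 'err_new_dup';
                 } else {
-                    wp_new_user_notification( $user_id, 'both' );
+                    wp_new_user_notification( $user_id, null, 'both' );
                     add_user_to_blog( $id, $user_id, $_POST['new_role'] );
                     $update = 'newuser';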
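--- a/branches/4.3/src/wp-admin/network/user-new.php
+++ b/branches/4.3/src/wp-admin/network/user-new.php
@@ -52,5 +52,5 @@
             $add_user_errors = new WP_Error( 'add_user_fail', __( 'Cannot add user.' ) );
         } else {
-            wp_new_user_notification( $user_id, 'both' );
+            wp_new_user_notification( $user_id, null, 'both' );
             wp_redirect( add_query_arg( array('update' => 'added'), 'user-new.php' ) );
             exit;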
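--- a/branches/4.3/src/wp-includes/pluggable.php
+++ b/branches/4.3/src/wp-includes/pluggable.php
@@ -1690,13 +1690,20 @@
  * @since 2.0.0
  * @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`.
+ * @since 4.3.1 The `$plaintext_pass` parameter was deprecated. `$notify` added as a third parameter.
  *
  * @global wpdb         $wpdb      WordPress database object for queries.
  * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
  *
- * @param int    $user_id User ID.
- * @param string $notify  Whether admin and user should be notified ('both') or
- *                        only the admin ('admin' or empty).
- */
-function wp_new_user_notification( $user_id, $notify = '' ) {
+ * @param int    $user_id    User ID.
+ * @param null   $deprecated Not used (argument deprecated).
+ * @param string $notify     Optional. Type of notification that should happen. Accepts 'admin' or an empty
+ *                           string (admin only), or 'both' (admin and user). The empty string value was kept
+ *                           for backward-compatibility purposes with the renamed parameter. Default empty.
+ */
+function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) {
+    if ( $deprecated !== null ) {
+        _deprecated_argument( __FUNCTION__, '4.3.1' );
+    }
+
     global $wpdb, $wp_hasher;
     $user = get_userdata( $user_id );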
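Review bot: The new guard at the top of wp_new_user_notification() only raises a deprecation notice, so a caller still written against the 4.3.0 form `wp_new_user_notification( $user_id, 'both' )` leaves `$notify` at its default and, going by the docblock, only the admin is notified; the new user would then silently miss the account mail, and the notice is presumably visible only where debugging is enabled. The `$deprecated` line of the docblock should state that consequence, e.g. `@param null $deprecated Not used (argument deprecated). A non-null value is ignored and does not enable the user email.`, and the call could pass the optional third message argument of `_deprecated_argument()` to point callers at `$notify`. The guard rightly keeps the deprecated value itself out of the notice, since a legacy caller may pass a plaintext password there; any message added later should keep it out as well. The function body continues past the end of this hunk.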
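--- a/branches/4.3/src/wp-includes/user.php
+++ b/branches/4.3/src/wp-includes/user.php
@@ -2620,5 +2620,5 @@
     update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
 
-    wp_new_user_notification( $user_id, 'both' );
+    wp_new_user_notification( $user_id, null, 'both' );
 
     return $user_id;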
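--- a/branches/4.3/tests/phpunit/tests/user.php
+++ b/branches/4.3/tests/phpunit/tests/user.php
@@ -680,3 +680,85 @@
     }
 
+    /**
+     * Testing wp_new_user_notification email statuses.
+     *
+     * @dataProvider data_wp_new_user_notifications
+     * @ticket 33654
+     */
+    function test_wp_new_user_notification( $notify, $admin_email_sent_expected, $user_email_sent_expected ) {
+        unset( $GLOBALS['phpmailer']->mock_sent );
+
+        $was_admin_email_sent = false;
+        $was_user_email_sent = false;
+
+        $user = $this->factory->user->create( $this->user_data );
+
+        wp_new_user_notification( $user, null, $notify );
+
+        /*
+         * Check to see if a notification email was sent to the
+         * post author `blackburn@battlefield3.com` and and site admin `admin@example.org`.
+         */
+        if ( ! empty( $GLOBALS['phpmailer']->mock_sent ) ) {
+            $was_admin_email_sent = ( isset( $GLOBALS['phpmailer']->mock_sent[0] ) && WP_TESTS_EMAIL == $GLOBALS['phpmailer']->mock_sent[0]['to'][0][0] );
+            $was_user_email_sent = ( isset( $GLOBALS['phpmailer']->mock_sent[1] ) && 'blackburn@battlefield3.com' == $GLOBALS['phpmailer']->mock_sent[1]['to'][0][0] );
+        }
+
+        $this->assertSame( $admin_email_sent_expected, $was_admin_email_sent, 'Admin email result was not as expected in test_wp_new_user_notification' );
+        $this->assertSame( $user_email_sent_expected , $was_user_email_sent, 'User email result was not as expected in test_wp_new_user_notification' );
+    }
+
+    /**
+     * Data provider for test_wp_new_user_notification().
+     *
+     * Passes the three available options for the $notify parameter and the expected email
+     * emails sent status as a bool.
+     *
+     * @return array {
+     *     @type array {
+     *         @type string $post_args               The arguments that will merged with the $_POST array.
+     *         @type bool $admin_email_sent_expected The expected result of whether an email was sent to the admin.
+     *         @type bool $user_email_sent_expected  The expected result of whether an email was sent to the user.
+     *     }
+     * }
+     */
+    function data_wp_new_user_notifications() {
+        return array(
+            array(
+                '',
+                true,
+                false,
+            ),
+            array(
+                'admin',
+                true,
+                false,
+            ),
+            array(
+                'both',
+                true,
+                true,
+            ),
+        );
+    }
+
+    /**
+     * Set up a user and try sending a notification using the old, deprecated
+     * function signature `wp_new_user_notification( $user, 'plaintext_password' );`.
+     *
+     * @ticket 33654
+     * @expectedDeprecated wp_new_user_notification
+     */
+    function test_wp_new_user_notification_old_signature_throws_deprecated_warning() {
+        $user = $this->factory->user->create(
+            array(
+                'role'       => 'author',
+                'user_login' => 'test_wp_new_user_notification',
+                'user_pass'  => 'password',
+                'user_email' => 'test@test.com',
+            )
+        );
+
+        wp_new_user_notification( $user, 'this_is_deprecated' );
+    }
 }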
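Review bot: test_wp_new_user_notification_old_signature_throws_deprecated_warning() expects only the deprecation notice, so it does not pin the regression the commit message describes, where a legacy second argument ends up inside a notification mail. After the call it could inspect `$GLOBALS['phpmailer']->mock_sent` (reset beforehand with `unset( $GLOBALS['phpmailer']->mock_sent );` as the first test does) and assert that no captured message contains `'this_is_deprecated'` and that none was addressed to `test@test.com`. Separately, the data provider docblock still describes `$post_args` and the `$_POST` array, although the first element of each set is the `$notify` value; `@type string $notify The value passed as the third argument.` would match the code. The address checked in the first test depends on `$this->user_data`, which is defined outside this hunk.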