Opened 14 years ago
Closed 9 years ago
#15115 closed defect (bug) (fixed)
if filter show_password_field is set to false, you cannot add new users
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 4.4 | Priority: | normal |
| Severity: | minor | Version: | 3.0.1 |
| Component: | Users | Keywords: | has-patch |
| Focuses: | Cc: |
Description
Steps to reproduce:
- add_filter('show_password_fields', false);
- Try to add a new user, after entering the data you get the error message "ERROR: Please enter your password.".
Attachments (1)
Change History (9)
#2
@
14 years ago
Well, I've discovered the bug because I wanted to use the filter, and there are scenarios where it can be useful. Removing it wasn't my intent at all, I'd rather like to see it improved.
What I want to do: We have a pretty big cms-like installation with 1000s of users. There is an intermediate management level called stationmanagers between the admins and authors. They can add new users to their station. But to keep it as simple as possible, we want to autogenerate the password which is sent to the new user, so we want to disable the password input field for the stationmanagers.
Maybe it would be a good idea to use different filters for users-new.php and user-edit.php? And of course fix the issue that using the filter prevents the user-new to function at all, as I've described in the ticket description.
#3
@
14 years ago
- Milestone changed from Awaiting Review to Future Release
+1 on 15115.diff
Agreed it's confusing. Workaround for now would be to roll a better plugin than __return_false().
#4
@
10 years ago
- Keywords dev-feedback added
I agree, the filter applying on new user makes no sense. Adding for core review
#6
@
9 years ago
- Owner set to wonderboymusic
- Resolution set to fixed
- Status changed from new to closed
In 34582:
This is true. As the OP states, disabling display of password fields via
causes the password fields not to be shown on the user creation admin form (
http://example.com/wp-admin/user-new.php).My understanding of the filter's purpose is to make it possible to prevent users from using the profile form to change their password. This situation is indeed covered by the application of this filter in
wp-admin/user-edit.php. The application of this filter inwp-admin/user-new.phpdoes not seem appropriate (no sense in creating a user if you can't supply their password).Attached is a patch,
15115.diff, which removes the filter from the user creation form.Relatedly (though separate ticket at best): should those with
create_userscapability not have this filter applied to them at all? That way admins would always be able to edit user passwords. (Of course, this could be implemented via a plugin or the code adding the filter in the first place.)