Make WordPress Core

Opened 5 years ago

Last modified 11 months ago

#15115 new defect (bug)

if filter show_password_field is set to false, you cannot add new users

Reported by: pampfelimetten Owned by:
Milestone: Future Release Priority: normal
Severity: minor Version: 3.0.1
Component: Users Keywords: has-patch dev-feedback
Focuses: Cc:


Steps to reproduce:

  1. add_filter('show_password_fields', false);
  1. Try to add a new user, after entering the data you get the error message "ERROR: Please enter your password.".

Attachments (1)

15115.diff (1.2 KB) - added by coffee2code 5 years ago.
Aforementioned patch.

Download all attachments as: .zip

Change History (5)

comment:1 @coffee2code5 years ago

  • Keywords has-patch added
  • Severity changed from major to minor

This is true. As the OP states, disabling display of password fields via

add_filter( 'show_password_fields', '__return_false' );

causes the password fields not to be shown on the user creation admin form (http://example.com/wp-admin/user-new.php).

My understanding of the filter's purpose is to make it possible to prevent users from using the profile form to change their password. This situation is indeed covered by the application of this filter in wp-admin/user-edit.php. The application of this filter in wp-admin/user-new.php does not seem appropriate (no sense in creating a user if you can't supply their password).

Attached is a patch, 15115.diff, which removes the filter from the user creation form.

Relatedly (though separate ticket at best): should those with create_users capability not have this filter applied to them at all? That way admins would always be able to edit user passwords. (Of course, this could be implemented via a plugin or the code adding the filter in the first place.)

@coffee2code5 years ago

Aforementioned patch.

comment:2 @pampfelimetten5 years ago

Well, I've discovered the bug because I wanted to use the filter, and there are scenarios where it can be useful. Removing it wasn't my intent at all, I'd rather like to see it improved.

What I want to do: We have a pretty big cms-like installation with 1000s of users. There is an intermediate management level between the admins and the authors, which are station managers, who can add new users to their station (of which we have about 15). But to keep it as simple as possible, we want to autogenerate the password which is sent to the new user, so we want to disable the password input field for the stationmanagers.

Maybe it would be a good idea to use different filters for users-new.php and user-edit.php? And of course fix the issue that using the filter prevents the user-new to function at all, as I've described in the ticket description.

Version 0, edited 5 years ago by pampfelimetten (next)

comment:3 @mdawaffe5 years ago

  • Milestone changed from Awaiting Review to Future Release

+1 on 15115.diff

Agreed it's confusing. Workaround for now would be to roll a better plugin than __return_false().

comment:4 @chriscct711 months ago

  • Keywords dev-feedback added

I agree, the filter applying on new user makes no sense. Adding for core review

Note: See TracTickets for help on using tickets.