WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 3 years ago

#15115 new defect (bug)

if filter show_password_field is set to false, you cannot add new users

Reported by: pampfelimetten Owned by:
Milestone: Future Release Priority: normal
Severity: minor Version: 3.0.1
Component: Users Keywords: has-patch
Focuses: Cc:

Description

Steps to reproduce:

  1. add_filter('show_password_fields', false);
  1. Try to add a new user, after entering the data you get the error message "ERROR: Please enter your password.".

Attachments (1)

15115.diff (1.2 KB) - added by coffee2code 3 years ago.
Aforementioned patch.

Download all attachments as: .zip

Change History (4)

comment:1 coffee2code3 years ago

  • Keywords has-patch added
  • Severity changed from major to minor

This is true. As the OP states, disabling display of password fields via

add_filter( 'show_password_fields', '__return_false' );

causes the password fields not to be shown on the user creation admin form (http://example.com/wp-admin/user-new.php).

My understanding of the filter's purpose is to make it possible to prevent users from using the profile form to change their password. This situation is indeed covered by the application of this filter in wp-admin/user-edit.php. The application of this filter in wp-admin/user-new.php does not seem appropriate (no sense in creating a user if you can't supply their password).

Attached is a patch, 15115.diff, which removes the filter from the user creation form.

Relatedly (though separate ticket at best): should those with create_users capability not have this filter applied to them at all? That way admins would always be able to edit user passwords. (Of course, this could be implemented via a plugin or the code adding the filter in the first place.)

coffee2code3 years ago

Aforementioned patch.

comment:2 pampfelimetten3 years ago

Well, I've discovered the bug because I wanted to use the filter, and there are scenarios where it can be useful. Removing it wasn't my intent at all, I'd rather like to see it improved.

What I want to do: We have a pretty big cms-like installation with 1000s of users. There is an intermediate management level called stationmanagers between the admins and authors. They can add new users to their station. But to keep it as simple as possible, we want to autogenerate the password which is sent to the new user, so we want to disable the password input field for the stationmanagers.

Maybe it would be a good idea to use different filters for users-new.php and user-edit.php? And of course fix the issue that using the filter prevents the user-new to function at all, as I've described in the ticket description.

Last edited 3 years ago by pampfelimetten (previous) (diff)

comment:3 mdawaffe3 years ago

  • Milestone changed from Awaiting Review to Future Release

+1 on 15115.diff

Agreed it's confusing. Workaround for now would be to roll a better plugin than __return_false().

Note: See TracTickets for help on using tickets.