Make WordPress Core

Opened 19 months ago

Last modified 19 months ago

#22114 new feature request

Propagating password on change

Reported by: ChloeD Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.4.2
Component: Users Keywords: has-patch close 2nd-opinion
Focuses: Cc:


After creating an account or changing profile information, it is possible to intercept the changed data in a hook. However, this is not possible for the cleartext psasword, and this is a useful feature especially when propagating a password change over different accounts spanning across different systems (in contexts such as updating the password for phpBB, Prestashop, or any PAM thingie when the WordPress password is changed).

Since this feature is by no means possible to implement without core hacks, I am submitting a patch to include this feature in the WP core.

This patch proves useful if we are to integrate other software bricks without having to implement SSO using WordPress' architecture. In my context, I need to be able to log-in through WordPress or directly through the business specific back-end.

Proposed patch is attached.

Attachments (1)

patch-wordpress-users.patch (556 bytes) - added by ChloeD 19 months ago.
Patch (wp-includes/user.php) for propagating cleartext passwords through an action

Download all attachments as: .zip

Change History (8)

ChloeD19 months ago

Patch (wp-includes/user.php) for propagating cleartext passwords through an action

comment:1 scribu19 months ago

  • Keywords close added

With this change, it would be possible for any plugin to record the user's password without telling them about it. -1.

comment:2 ChloeD19 months ago

scribu: pretty much like any plugin can insert its own crap using content filters (and capture the password using $_POST if it has an admin_init hook) :/ Not a problem per se IMO.

comment:3 scribu19 months ago

True. Still, this hook encourages devs to mess with plaintext passwords, when there are possibly better alternatives.

comment:4 ChloeD19 months ago

  • Keywords 2nd-opinion added

As Rob Miller (on wp-hackers) said, "any plugin could access a user's plaintext password even now and has always been able to, by hooking into wp_login and then examining the POST variables".

Hence, I'd rather go for implementing it clearly, instead of doing it through hacks. Maybe another opinion would be useful? Instead of keeping stuff dirty, pushing them into the API is a better option, as whatever dirty or unsafe things devs will want to do, they'll be able to do no matter how much you restrict them from trying to do so.

comment:5 follow-up: scribu19 months ago

That's like saying "people are going to shoot themselves in the foot anyway, so we might as well give them some bullets."

comment:6 in reply to: ↑ 5 bradparbs19 months ago

Replying to scribu:

That's like saying "people are going to shoot themselves in the foot anyway, so we might as well give them some bullets."

+1 to this, I don't think we should encourage the ability to easily grab a plaintext password, ever.

comment:7 bradparbs19 months ago

  • Cc brad@… added
Note: See TracTickets for help on using tickets.