WordPress.org
Get WordPress

Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 9 years ago

#33419 closed defect (bug) (fixed)

Cancelling password update on user-profile fails

Reported by: peterwilsoncc's profile peterwilsoncc Owned by: adamsilverstein's profile adamsilverstein
Milestone: 4.3.1 Priority: normal
Severity: major Version: 4.3
Component: Users Keywords: has-patch commit fixed-major
Focuses: javascript, administration Cc:

Description

Cancelling a new password on the user profile form fails.

  1. Edit user profile
  2. Click Generate Password
  3. Click Cancel
  4. Submit the form
  5. New password is set

Prior to step 1, #pass1's value is empty; following step 3, #pass1 is set, #pass2 is empty.

Attachments (2)

33419.1.diff (430 bytes) - added by peterwilsoncc 10 years ago.
33419.2.diff (501 bytes) - added by SergeyBiryukov 10 years ago.

Download all attachments as: .zip

Change History (11)

@peterwilsoncc
10 years ago

#1 @peterwilsoncc
10 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 4.3.1
  • Severity changed from normal to major

33419.1.diff clears the password fields when a user clicks the cancel new password button on the profile page.

Setting milestone and upping severity as inadvertently setting a user's passwords seems to warrant it.

#2 @adamsilverstein
10 years ago

Good catch @peterwilsoncc, I will test the patch.

Related: #33450.

#3 @adamsilverstein
10 years ago

  • Focuses administration added
  • Keywords commit added
  • Owner set to adamsilverstein
  • Status changed from new to assigned

This looks good, thanks for catching and fixing this!

I tested this and verified: before the patch, clicking cancel then save resulted in a changed password. With the patch, performing the same sequence the password is not updated.

Thanks!

@SergeyBiryukov
10 years ago

#4 follow-up: @SergeyBiryukov
10 years ago

We could replace $( '#pass1' ) with $pass1, which is set earlier.

I've found another quirk:

  1. Click Generate Password.
  2. Enter a weak password (e.g. "123").
  3. Click Cancel.
  4. The Update User button is still inactive after clicking cancel, because "Confirm use of weak password" checkbox was not checked.

33419.2.diff fixes that too.

#5 in reply to: ↑ 4 @adamsilverstein
10 years ago

Nice improvements! Thank you.

Replying to SergeyBiryukov:

We could replace $( '#pass1' ) with $pass1, which is set earlier.

I've found another quirk:

  1. Click Generate Password.
  2. Enter a weak password (e.g. "123").
  3. Click Cancel.
  4. The Update User button is still inactive after clicking cancel, because "Confirm use of weak password" checkbox was not checked.

33419.2.diff fixes that too.

#6 @SergeyBiryukov
10 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 33766:

Prevent unintended password change after clicking "Generate Password" and then "Cancel" when editing a user profile.

props peterwilsoncc.
fixes #33419 for trunk.

#7 @SergeyBiryukov
10 years ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

#8 @SergeyBiryukov
10 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 33980:

Prevent unintended password change after clicking "Generate Password" and then "Cancel" when editing a user profile.

Merges [33766] to the 4.3 branch.

Props peterwilsoncc.
Fixes #33419 for 4.3.1.

#9 @SergeyBiryukov
9 years ago

In 38494:

Users: After [33766], don't reset the password when clicking "Show Password" and then "Cancel" on Add New User screen.

Props smerriman for reporting.
Fixes #37902. See #33419.

Note: See TracTickets for help on using tickets.