WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#34108 closed defect (bug) (duplicate)

WordPress 4.3.1 password reset on user form submit

Reported by: LordSpackolatius Owned by: adamsilverstein
Milestone: Priority: normal
Severity: normal Version: 4.3.1
Component: Users Keywords:
Focuses: administration Cc:

Description (last modified by SergeyBiryukov)

In WordPress 4.3.1, there is a new bug that occurs whenever you edit a user profile.
Even when not setting a new password, the form generates and saves a new random password. We locked ourselves out of our own WP site 3 times now until we found the bug. Every time we received a password reset notification via email.
Please fix this asap, as other administrators might face the same problems.

Sincerely, MZ

Change History (7)

#1 @SergeyBiryukov
4 years ago

  • Description modified (diff)
  • Summary changed from Wordpress 4.3.1 password reset on user form submit to WordPress 4.3.1 password reset on user form submit

Hi @LordSpackolatius, welcome to Trac!

I could not reproduce the issue. Does it still happen with all plugins disabled and a default theme (Twenty Fifteen) activated?

#2 @dikiy_forester
4 years ago

I was able to partly replicate this issue. In my case password wasn't changed, but each time after update profile I recieved "Notice of Password Change" email.

The problem is in web browser's autofill password option. So browser filled the pass1 profile form field with my current password. Changing browser or disabling "autofill password" option resolves the issue.

My testing installation:

  1. WordPress 4.3.2-alpha
  2. Theme 2015
  3. no plugins activated
  4. Google Chromium ver. 45.0.2454.101

Looks like it's browser issue, but anyway WordPress should prevent such behaviour.

#3 @SergeyBiryukov
4 years ago

  • Milestone changed from Awaiting Review to 4.3.2

Moving for investigation.

#4 @DrewAPicture
4 years ago

  • Owner set to adamsilverstein
  • Status changed from new to assigned

#5 @adamsilverstein
4 years ago

  • Milestone 4.3.2 deleted
  • Resolution set to duplicate
  • Status changed from assigned to closed

Duplicate of #33699.

#6 @adamsilverstein
4 years ago

@dikiy_forester & @LordSpackolatius: The patch on #33699 should resolve this issue. Help appreciated if if you are able to reproduce and can test the patch.

Thanks for the bug report!

#7 @LordSpackolatius
4 years ago

Hello everybody,
Sorry for not participating in the bug report after having submitted it but I got really sick (still am), the kind of sick that forces you to stay in bed for a whole week.
I will test this the next time I'm in office.
Thanks for the great response, i really appreciate this.
And yes this occurred on a clean WP installation.

Note: See TracTickets for help on using tickets.