WordPress.org

Make WordPress Core

Opened 19 months ago

Last modified 4 months ago

#38432 new feature request

Validate user creation and email change by token

Reported by: lriaudel Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9
Component: Login and Registration Keywords: has-patch needs-unit-tests
Focuses: ui Cc:

Description

When you register on a wordpress site or when you change your email, we can use a fake email (or error entry) and it create ghost profile. I see 36 bad profile in 2 month on a website.

If an email is send with a validate links (token), the profile or the email change can be executed.

It secure correct data.

Thanks

Attachments (2)

38432.patch (1.4 KB) - added by dilipbheda 6 months ago.
38432.2.patch (1.3 KB) - added by Girishpanchal 4 months ago.
Set default role and coding standard.

Download all attachments as: .zip

Change History (5)

#1 @johnbillion
19 months ago

  • Component changed from Users to Login and Registration
  • Keywords needs-patch 2nd-opinion added
  • Type changed from enhancement to feature request
  • Version 4.6.1 deleted

@dilipbheda
6 months ago

#2 @dilipbheda
6 months ago

  • Keywords has-patch added; needs-patch 2nd-opinion removed
  • Version set to 4.9

Hello Team

I have added the patch considering that it's better to give user the role when he/she has submitted the registration form. In the email, there is a link to reset password, when anyone clicks on it he/she will be assigned default role as per settings of WordPress.

Let me know your suggestions for the same.

Thanks

#3 @Girishpanchal
4 months ago

  • Focuses ui added
  • Keywords needs-unit-tests added

When the token will be confirmed after updating get_option( 'default_role' ) for register user from admin side. Also updated coding standard.

@Girishpanchal
4 months ago

Set default role and coding standard.

Note: See TracTickets for help on using tickets.