Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#38451 closed defect (bug) (fixed)

WordPress Profile email change is flawed but has an easy fix

Reported by: ThemesMatic
Owned by: ocean90
Milestone: 4.7
Priority: normal
Severity: normal
Version:
Component: Users
Keywords: good-first-bug has-patch needs-testing
Focuses: administration, multisite
Cc:

Description

Currently, when a user resets their email address in their make.wordpress.org profile, it sends the email confirmation. However, when the user clicks the link in the confirmation, it throws an error, which is displayed to the user, leaving them unable to update their email. The error message reads as follows:

"You attempted to access the "Make WordPress" dashboard, but you do not currently have privileges on this site. If you believe you should be able to access the "Make WordPress" dashboard, please contact your network administrator."

The reason WordPress displays this error is that the URL sent in the email to the user is incorrect.
The current confirmation link sent to the user is structured:

https://make.wordpress.org/wp-admin/profile.php?newuseremail=123456etc

The correct structure is:

https://make.wordpress.org/wp-admin/user/profile.php?newuseremail=123456etc

It's missing "/user/" before "profile.php".
By adding "/user/" to the link, I was able to update my email, which removes "pending email update" from the profile page.
Seems like an easy fix.

Attachments (1)

38451.diff (803 bytes) - added by dave.pullig 3 years ago.


Change History (8)

#1 @swissspidy
3 years ago

  • Component changed from General to WordPress.org site
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hey there,

Thanks for your report and welcome to WordPress Trac! Please note that this place is for reporting bugs in WordPress core, and not the WordPress.org website. Bug reports for that should be reported on https://meta.trac.wordpress.org. It's likely that this issue was already reported there before, so make sure a similar ticket does not exist yet.

#2 @ocean90
3 years ago

  • Component changed from WordPress.org site to Users
  • Focuses multisite added
  • Keywords needs-patch good-first-bug added
  • Milestone set to Future Release
  • Resolution invalid deleted
  • Status changed from closed to reopened
  • Version 4.6.1 deleted

Re-opening since this is a bug in core. send_confirmation_on_profile_email() uses admin_url() which should be self_admin_url().

Related: #35766

@dave.pullig
3 years ago

#3 @dave.pullig
3 years ago

  • Keywords has-patch needs-testing added; needs-patch removed

This ticket was mentioned in Slack in #meta-tracdev by dd32. View the logs.


3 years ago

#5 @ocean90
3 years ago

  • Milestone changed from Future Release to 4.7
  • Owner set to ocean90
  • Status changed from reopened to reviewing

#6 @ocean90
3 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 38876:

Users: Use self_admin_url() for the email change confirmation link.

Prevents sending users to wp-admin/profile.php if they only have access to wp-admin/user/profile.php.

Props dave.pullig.
Fixes #38451.

#7 @ThemesMatic
3 years ago

You guys rock.
Glad I could help.
