WordPress.org

Make WordPress Core

Opened 20 months ago

Closed 12 months ago

Last modified 9 months ago

#39117 closed enhancement (fixed)

The old admin email address should be notified of a change to the address

Reported by: johnbillion Owned by: johnbillion
Milestone: 4.9 Priority: normal
Severity: normal Version:
Component: Options, Meta APIs Keywords:
Focuses: administration, multisite Cc:

Description

In #32430, a notification was added so that users are alerted when their user profile email address is changed.

The same behaviour should be implemented so the old admin email address is notified when the Email Address (single site) or Network Email Address (network admin) fields are changed. This reduces the likelihood of a site or network compromise going unnoticed.

Attachments (9)

39117.diff (4.2 KB) - added by MatheusGimenez 19 months ago.
39117.2.diff (4.2 KB) - added by MatheusGimenez 19 months ago.
39117.3.diff (4.0 KB) - added by MatheusGimenez 19 months ago.
39117.4.diff (4.1 KB) - added by MatheusGimenez 19 months ago.
Update email message
39117.5.diff (4.1 KB) - added by MatheusGimenez 19 months ago.
Add @since
39117.6.diff (3.8 KB) - added by MatheusGimenez 19 months ago.
Move function to wp-admin/includes/misc.php
39117.7.diff (3.8 KB) - added by MatheusGimenez 19 months ago.
Add @param
39117.8.diff (8.7 KB) - added by johnbillion 12 months ago.
39117.9.diff (8.7 KB) - added by johnbillion 12 months ago.

Download all attachments as: .zip

Change History (25)

#1 @MatheusGimenez
19 months ago

Hi, its my first patch. Sorry if doing something wrong :]

Version 0, edited 19 months ago by MatheusGimenez (next)

#2 @MatheusGimenez
19 months ago

  • Keywords needs-patch removed

#3 @MatheusGimenez
19 months ago

Fix email message.

@MatheusGimenez
19 months ago

Update email message

@MatheusGimenez
19 months ago

Add @since

@MatheusGimenez
19 months ago

Move function to wp-admin/includes/misc.php

@MatheusGimenez
19 months ago

Add @param

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


15 months ago

#5 @jbpaul17
15 months ago

  • Keywords has-patch needs-testing added

This will need review and an owner to land in 4.8.

#6 @johnbillion
15 months ago

  • Owner set to johnbillion
  • Status changed from new to reviewing

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


14 months ago

#8 @ocean90
14 months ago

  • Milestone changed from 4.8 to Future Release

Moving to future because beta 1 has been released which means no more commits for any new enhancements or feature requests in this release cycle.

#9 @johnbillion
12 months ago

  • Milestone changed from Future Release to 4.9

#10 @johnbillion
12 months ago

39117.8.diff expands on the patches by @MatheusGimenez so a notification is also sent to the old network admin email address when the network admin email address changes (on multisite).

Just needs a second pair of eyes, then we're good to go.

Last edited 12 months ago by johnbillion (previous) (diff)

#11 @johnbillion
12 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 41164:

Options, Meta APIs: Send a notification to the old admin email address when the site admin email or network admin email address is changed.

This reduces the chances of a site compromise going unnoticed, in the same way that the same notifications for user account email address changes reduces the chances of a user account compromise going unnoticed.

Props MatheusGimenez, johnbillion

Fixes #39117

#12 @johnbillion
12 months ago

  • Keywords needs-dev-note added; has-patch needs-testing removed

#13 @johnbillion
12 months ago

In 41167:

Options, Meta APIs: Fix a typo introduced in [41164].

See #39117

#14 @johnbillion
12 months ago

In 41170:

Users: Update some tests for admin email change confirmation emails after [41164].

See #40015, #39117

#15 @johnbillion
11 months ago

In 41255:

Options, Meta APIs: Update the multisite unit tests after [41254], [41164], and [41163].

This moves some more previously Multisite-only tests into the main test suite, and makes small adjustments to their assertions.

See #39118, #16470, #39117

#16 @johnbillion
9 months ago

  • Keywords needs-dev-note removed
Note: See TracTickets for help on using tickets.