WordPress.org

Make WordPress Core

Opened 18 months ago

Closed 10 months ago

Last modified 7 months ago

#39117 closed enhancement (fixed)

The old admin email address should be notified of a change to the address

Reported by: johnbillion Owned by: johnbillion
Milestone: 4.9 Priority: normal
Severity: normal Version:
Component: Options, Meta APIs Keywords:
Focuses: administration, multisite Cc:

Description

In #32430, a notification was added so that users are alerted when their user profile email address is changed.

The same behaviour should be implemented so the old admin email address is notified when the Email Address (single site) or Network Email Address (network admin) fields are changed. This reduces the likelihood of a site or network compromise going unnoticed.

Attachments (9)

39117.diff (4.2 KB) - added by MatheusGimenez 17 months ago.
39117.2.diff (4.2 KB) - added by MatheusGimenez 17 months ago.
39117.3.diff (4.0 KB) - added by MatheusGimenez 17 months ago.
39117.4.diff (4.1 KB) - added by MatheusGimenez 17 months ago.
Update email message
39117.5.diff (4.1 KB) - added by MatheusGimenez 17 months ago.
Add @since
39117.6.diff (3.8 KB) - added by MatheusGimenez 17 months ago.
Move function to wp-admin/includes/misc.php
39117.7.diff (3.8 KB) - added by MatheusGimenez 17 months ago.
Add @param
39117.8.diff (8.7 KB) - added by johnbillion 10 months ago.
39117.9.diff (8.7 KB) - added by johnbillion 10 months ago.

Download all attachments as: .zip

Change History (25)

#1 @MatheusGimenez
17 months ago

Hi, its my first patch. Sorry if i doing something wrong :]

Last edited 17 months ago by MatheusGimenez (previous) (diff)

#2 @MatheusGimenez
17 months ago

  • Keywords needs-patch removed

#3 @MatheusGimenez
17 months ago

Fix email message.

@MatheusGimenez
17 months ago

Update email message

@MatheusGimenez
17 months ago

Add @since

@MatheusGimenez
17 months ago

Move function to wp-admin/includes/misc.php

@MatheusGimenez
17 months ago

Add @param

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


13 months ago

#5 @jbpaul17
13 months ago

  • Keywords has-patch needs-testing added

This will need review and an owner to land in 4.8.

#6 @johnbillion
13 months ago

  • Owner set to johnbillion
  • Status changed from new to reviewing

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


13 months ago

#8 @ocean90
13 months ago

  • Milestone changed from 4.8 to Future Release

Moving to future because beta 1 has been released which means no more commits for any new enhancements or feature requests in this release cycle.

#9 @johnbillion
10 months ago

  • Milestone changed from Future Release to 4.9

#10 @johnbillion
10 months ago

39117.8.diff expands on the patches by @MatheusGimenez so a notification is also sent to the old network admin email address when the network admin email address changes.

Just needs a second pair of eyes, then we're good to go.

Version 0, edited 10 months ago by johnbillion (next)

#11 @johnbillion
10 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 41164:

Options, Meta APIs: Send a notification to the old admin email address when the site admin email or network admin email address is changed.

This reduces the chances of a site compromise going unnoticed, in the same way that the same notifications for user account email address changes reduces the chances of a user account compromise going unnoticed.

Props MatheusGimenez, johnbillion

Fixes #39117

#12 @johnbillion
10 months ago

  • Keywords needs-dev-note added; has-patch needs-testing removed

#13 @johnbillion
10 months ago

In 41167:

Options, Meta APIs: Fix a typo introduced in [41164].

See #39117

#14 @johnbillion
10 months ago

In 41170:

Users: Update some tests for admin email change confirmation emails after [41164].

See #40015, #39117

#15 @johnbillion
9 months ago

In 41255:

Options, Meta APIs: Update the multisite unit tests after [41254], [41164], and [41163].

This moves some more previously Multisite-only tests into the main test suite, and makes small adjustments to their assertions.

See #39118, #16470, #39117

#16 @johnbillion
7 months ago

  • Keywords needs-dev-note removed
Note: See TracTickets for help on using tickets.