Opened 8 years ago
#40835 new defect (bug)
Password and email change emails should not contain site-specific wording on multisite
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | needs-patch dev-feedback |
Focuses: | multisite | Cc: |
Description
With multisite enabled, the following three actions (there may be more) result in an email being sent to the user which contains wording specific to the site that the user happens to be on when they perform the action:
- Attempt to change their email address.
- Confirmed change of email address.
- Changed password.
As an example, here's the text from the "Notice of Password Change" email:
Hi john, This notice confirms that your password was changed on Site B. If you did not change your password, please contact the Site Administrator at siteb@example.com This email has been sent to john@example.com Regards, All at Site B http://mtrunk.wp/siteb
This is misleading because it's not immediately clear whether my password was changed on all the sites on the network, or whether the change was specific to "Site B".
In addition, the email address shown is the email address of the site administrator, not the network administrator. The site administrator does not necessarily have the ability to manage users.
There may be similar considerations to those raised in #21352 regarding a user's awareness of the site being part of a network of sites.