WordPress.org

Make WordPress Core

Opened 11 months ago

Last modified 11 months ago

#41522 new defect (bug)

wp_set_password() doesn't trigger a changed password notification

Reported by: henry.wright Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Users Keywords: dev-feedback has-patch
Focuses: Cc:

Description

If wp_update_user() is used to update a user's password, a notification is sent to the user telling them their password has changed.

However, the same doesn't happen if wp_set_password() is used to update a user's password.

Attachments (1)

41522.diff (687 bytes) - added by henry.wright 11 months ago.

Download all attachments as: .zip

Change History (4)

#1 @henry.wright
11 months ago

  • Keywords dev-feedback added

If wp_set_password() was rewritten to use the API, specifically wp_update_user(), then a notification would be sent. Thing is, it's a pluggable function. What's the policy on updating those things considering people could have their own implementation in a mu-plugins file?

@henry.wright
11 months ago

#2 @henry.wright
11 months ago

  • Keywords has-patch added

41522.diff rewrites wp_set_password() so that it uses wp_update_user(). wp_update_user() will hash the password so 41522.diff also removes the use of wp_hash_password() from wp_set_password().

#3 @SergeyBiryukov
11 months ago

  • Component changed from General to Users
Note: See TracTickets for help on using tickets.