Make WordPress Core

Opened 8 years ago

Last modified 8 months ago

#41522 new defect (bug)

wp_set_password() doesn't trigger a changed password notification

Reported by: henry.wright
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Users
Keywords: dev-feedback has-patch close
Focuses:
Cc:

Description

If wp_update_user() is used to update a user's password, a notification is sent to the user telling them their password has changed.

However, the same doesn't happen if wp_set_password() is used to update a user's password.

Attachments (1)

41522.diff (687 bytes) - added by henry.wright 8 years ago.


Change History (6)

#1 @henry.wright
8 years ago

  • Keywords dev-feedback added

If wp_set_password() was rewritten to use the API, specifically wp_update_user(), then a notification would be sent. Thing is, it's a pluggable function. What's the policy on updating those things considering people could have their own implementation in a mu-plugins file?

#2 @henry.wright
8 years ago

  • Keywords has-patch added

41522.diff rewrites wp_set_password() so that it uses wp_update_user(). wp_update_user() will hash the password so 41522.diff also removes the use of wp_hash_password() from wp_set_password().

#3 @SergeyBiryukov
8 years ago

  • Component changed from General to Users

#4 @dd32
8 months ago

  • Keywords close added

I consider this to be the correct behaviour of the function.

I think it's worth noting this comment in the function's description:

Please note: This function should be used sparingly and is really only meant for single-time application. Leveraging this improperly in a plugin or theme could result in an endless loop of password resets if precautions are not taken to ensure it does not execute on every page load.

This function should not be used where wp_update_user( [ 'ID' => $user_id, 'user_pass' => 'hunter1' ] ); would be more appropriate.

#5 @henry.wright
8 months ago

Fair enough
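
The following is an added example, not part of the ticket or of WordPress core: a sketch of how plugin code can follow the advice in comment #4, changing a password once through wp_update_user() so the user is notified, and sending its own notice where wp_set_password() has to be called directly. The example_* function names, the option key, and the e-mail wording are assumptions; the code expects to run inside a loaded WordPress installation.

```php
<?php
// Added example: hypothetical plugin code, not WordPress core. The example_*
// names and the option key are assumptions. Requires WordPress to be loaded.

// One-time guard: code that runs on every page load would otherwise keep
// resetting the password, the loop the wp_set_password() description warns about.
function example_rotate_password_once( $user_id, $new_password ) {
    $flag = 'example_pw_rotated_' . (int) $user_id; // hypothetical option name
    if ( get_option( $flag ) ) {
        return false; // already done on an earlier request
    }

    // wp_update_user() hashes user_pass itself and e-mails the user about
    // the change unless the 'send_password_change_email' filter returns false,
    // so pass the plain-text password here, never a pre-computed hash.
    $result = wp_update_user( array(
        'ID'        => (int) $user_id,
        'user_pass' => $new_password,
    ) );
    if ( is_wp_error( $result ) ) {
        return $result; // surface the failure and leave the flag unset
    }

    update_option( $flag, time() );
    return true;
}

// For code paths that must call wp_set_password() directly: that function
// sends no notification, so the caller sends one.
function example_set_password_and_notify( $user_id, $new_password ) {
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return false; // unknown user: change nothing, send nothing
    }
    wp_set_password( $new_password, $user->ID );

    $site = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
    return wp_mail(
        $user->user_email,
        sprintf( '[%s] Password Changed', $site ),
        sprintf( "Hi %s,\n\nThe password for your account on %s was changed. If you did not make this change, contact the site administrator.", $user->user_login, $site )
    );
}
```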
