WordPress.org

Make WordPress Core

Opened 2 months ago

Last modified 3 weeks ago

#47732 new defect (bug)

Change user email link

Reported by: stefanpejcic Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.2.2
Component: Users Keywords:
Focuses: administration Cc:

Description

If you are not logged in, Email doesn't change when you click on confirm link in the email.

Steps to reproduce:

  1. From Users > profile add new email address
  2. Log out of your wp-admin
  3. Open the received email and click on the link to confirm the change
  4. wp-admin asks for login, you input your username/password and click login

the email address is not changed.

Another example, where I used 2 devices (mobile and pc):

  1. From Users > profile add new email address
  2. Switch to another device/browser where you are not logged into your site
  3. Open the received email and click on the link to confirm the change
  4. wp-admin asks for login, you input your username/password and click login

the email address is not changed.

I figured out that clicking the confirm link again while logged in does in fact change the email address. Which might be a security feature that checks if the user that is trying to change email address is logged in, but shouldn't this work also after the user logs in?

Change History (2)

#1 @SergeyBiryukov
2 months ago

  • Component changed from Administration to Users

#2 @donmhico
3 weeks ago

Hello @stefanpejcic,

Thank you for the ticket and welcome in the WordPress Trac. Unfortunately, I can't reproduce the bug in my end. I tried testing in on both version 5.2.2 and in the latest trunk.

My steps are:

  1. Login to Dashboard.
  2. Go to Profile then change the email address.
  3. Logout.
  4. Check the email and click the confirmation link.
  5. I'm redirected to the login page. I logged in then I can see the email was updated.

It might help if you can provide the URL are when when you're at the login page.

Note: See TracTickets for help on using tickets.