Make WordPress Core

Opened 6 weeks ago

Last modified 6 weeks ago

#58194 new defect (bug)

Users: Don't show 'Reset Password' link if password reset is not allowed

Reported by: ocean90's profile ocean90 Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 5.7
Component: Users Keywords: good-first-bug has-patch
Focuses: administration Cc:

Description

With the allow_password_reset filter it's possible to disallow a password reset per user. The value of this filter is not checked when adding the 'Reset Password' link to the list table actions added in #34281. In such cases you still get a "Password reset link sent." notice but no email is actually sent.

Relevant part in core: https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-users-list-table.php?rev=55276&marks=502-507#L502

Change History (3)

#1 @johnbillion
6 weeks ago

  • Keywords needs-patch added

This ticket was mentioned in PR #4389 on WordPress/wordpress-develop by Cshark1.


6 weeks ago
#2

  • Keywords has-patch added; needs-patch removed

If the allow_password_reset filter is set to false, the admin panel still shows the Send Password reset, even though this does nothing. This PR adds a check to see if the filter is set to false and if it is set to false it does not show the button.

See: https://core.trac.wordpress.org/ticket/58194

#3 @cshark
6 weeks ago

Without this patch, the Send password reset button appears for all the users, even though the user uty has this option disabled though the allow_password_reset filter.
https://i.imgur.com/ZpA4mTu.png

With the patch, the option is not displayed for that user.
https://i.imgur.com/vDW6vqN.png

Note: See TracTickets for help on using tickets.