Make WordPress Core

Opened 7 weeks ago

#61093 new defect (bug)

Bulk Action 'Send password reset' on site-users.php isnt coded

Reported by: ignatiusjeroe's profile ignatiusjeroe Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Networks and Sites Keywords:
Focuses: multisite Cc:


The bulk action 'Send password reset' on site-users.php has no code associated with it (explained below). By managing the Users for a particular blog you can individually send a password reset email by using the quick action menu option (by hovering over a row and selecting 'send password reset' - not available for user #1). Or use the bulk action field.

Please notice that the URL for the bulk action is different than the quick action option. The bulk action redirect to <form action='site-users.php?action=update-site'>, while quick action redirects to users.php?action=resetpassword&users=3&_wpnonce=fd7e888118. That is the issue!! users.php does handle the action correctly, while site-users.php is missing the script that handles it. More details below.

The switch-statement on wp-admin/network/site-users.php @ line 61 has no case for value 'resetpassword' so the default case is used. This prompts WP to redirect to "/wp-admin/network/site-users.php?id=1&paged=1&update=resetpassword".

The if-statement (line 236-288) is responsible for outputting the admin notice. But since the case-statement has no case for 'resetpassword' an empty message is output.

So no password reset took place. This must be resolved. The easiest way is to implement the code block used in users.php that handles password reset requests.

Change History (0)

Note: See TracTickets for help on using tickets.