Make WordPress Core

Opened 12 years ago

Last modified 4 years ago

#9883 assigned enhancement

Password shows under Settings / Writing

Reported by: mastrup Owned by:
Milestone: Future Release Priority: low
Severity: trivial Version: 2.7.1
Component: Administration Keywords: has-patch
Focuses: ui Cc:

Description (last modified by Denis-de-Bernardy)

The password box in the section "Post via e-mail" on Settings -> Writing should hide the password, not show it.

Attachments (1)

9883.diff (617 bytes) - added by wojtek.szkutnik 11 years ago.

Download all attachments as: .zip

Change History (21)

#1 @Denis-de-Bernardy
12 years ago

  • Keywords needs-patch added
  • Milestone changed from Unassigned to Future Release
  • Severity changed from normal to trivial

don't you mean the password over at settings / writing? If not, this is invalid -- that would have been added by a plugin.

#2 @ryan
12 years ago

  • Milestone Future Release deleted
  • Resolution set to invalid
  • Status changed from new to closed

I cant find the string 'Topics via e-mail' anywhere in WP. Please reopen with more information.

#3 @ryan
12 years ago

  • Milestone set to Future Release
  • Resolution invalid deleted
  • Status changed from closed to reopened

Ah, probably "Post via e-mail" on Settings -> Writing. Overlooked comment from Denis-de-Bernardy.

#4 @Denis-de-Bernardy
12 years ago

  • Description modified (diff)
  • Summary changed from Password to Password shows under Settings / Writing

#5 @Denis-de-Bernardy
12 years ago

  • Component changed from Security to UI
  • Milestone changed from Future Release to 2.9
  • Type changed from feature request to enhancement

#6 @bandonrandon
12 years ago

  • Cc bandonrandon@… added

This should be as simple as changing the input type from "text" to "password" which I can easily do and upload a patch. My question is because this is an admin only page and the user is theoretically setting the password for there "post via e-mail" do we want to either

a) enable an option to allow them to see the password if the checkbox is checked (ie,change the input type using jquary)

b) make the user confirm their password to make sure they typed the same thing twice and know their password

c) just change the input type and trust the user to not mess up their password and if they do they can always go back and type it again.

#7 @janeforshort
12 years ago

  • Milestone changed from 2.9 to Future Release

Punting due to schedule.

#8 @wojtek.szkutnik
11 years ago

  • Cc wojtek.szkutnik@… added

#9 @wojtek.szkutnik
11 years ago

a) is not very user-friendly for me
b) in my opinion password confirmations should be used for registration purposes only, when there's a bad user authentication data threat
I'd go with c), which is the best option out of the three simple solutions. However, one would expect a "check authentication data" button to make sure the login and password are valid.

#10 @wojtek.szkutnik
11 years ago

  • Cc wojtek.szkutnik@… removed
  • Keywords has-patch gsoc added; needs-patch removed

#11 @nacin
11 years ago

  • Keywords ux-feedback added

Seems sane to me.

#13 @dd32
11 years ago

I'm not sure emiting the password in the HTML and setting it as type="password" is going to be the best, I'm certain we'd see a "Password shown to hackers!11!1" type report in that case...

If anything, I'd like to see the field shown blank/greyed down with a message explaining it. Upon option save, it'll be possible to check to see if the value submitted is non-empty and different from the current one.

Of course, the other option is to do type=password & echo * and just prevent updating the password to that value..

#14 @dd32
11 years ago

at the same time, the password would be visible on options.php as well i believe.

#15 @wojtek.szkutnik
11 years ago

  • Cc wojtek.szkutnik@… added

#16 @sabreuse
9 years ago

  • Component changed from UI to Administration
  • Keywords ui-focus added; ux-feedback removed

See #22942 for discussion on deprecating and then removing Post By Email altogether: if that goes ahead, I don't think there will be much point in updating an interface that the majority of users won't see, and that hasn't caused complaints since this issue was raised. Until then, moving it as part of the UI cleanup.

#17 @SergeyBiryukov
9 years ago

Similar discussions for the installation screen: #3534, #5529.

The consensus was that the visible password allows the user to make sure it's typed correctly.

Last edited 9 years ago by SergeyBiryukov (previous) (diff)

#18 @ryan
7 years ago

  • Owner ryan deleted
  • Status changed from reopened to assigned

#19 @chriscct7
6 years ago

  • Keywords gsoc removed

#20 @SergeyBiryukov
4 years ago

#40402 was marked as a duplicate.

Note: See TracTickets for help on using tickets.