WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 15 months ago

#9883 reopened enhancement

Password shows under Settings / Writing

Reported by: mastrup Owned by: ryan
Milestone: Future Release Priority: low
Severity: trivial Version: 2.7.1
Component: Administration Keywords: has-patch gsoc
Focuses: ui Cc:

Description (last modified by Denis-de-Bernardy)

The password box in the section "Post via e-mail" on Settings -> Writing should hide the password, not show it.

Attachments (1)

9883.diff (617 bytes) - added by wojtek.szkutnik 4 years ago.

Download all attachments as: .zip

Change History (18)

comment:1 Denis-de-Bernardy5 years ago

  • Keywords needs-patch added
  • Milestone changed from Unassigned to Future Release
  • Severity changed from normal to trivial

don't you mean the password over at settings / writing? If not, this is invalid -- that would have been added by a plugin.

comment:2 ryan5 years ago

  • Milestone Future Release deleted
  • Resolution set to invalid
  • Status changed from new to closed

I cant find the string 'Topics via e-mail' anywhere in WP. Please reopen with more information.

comment:3 ryan5 years ago

  • Milestone set to Future Release
  • Resolution invalid deleted
  • Status changed from closed to reopened

Ah, probably "Post via e-mail" on Settings -> Writing. Overlooked comment from Denis-de-Bernardy.

comment:4 Denis-de-Bernardy5 years ago

  • Description modified (diff)
  • Summary changed from Password to Password shows under Settings / Writing

comment:5 Denis-de-Bernardy5 years ago

  • Component changed from Security to UI
  • Milestone changed from Future Release to 2.9
  • Type changed from feature request to enhancement

comment:6 bandonrandon5 years ago

  • Cc bandonrandon@… added

This should be as simple as changing the input type from "text" to "password" which I can easily do and upload a patch. My question is because this is an admin only page and the user is theoretically setting the password for there "post via e-mail" do we want to either

a) enable an option to allow them to see the password if the checkbox is checked (ie,change the input type using jquary)

b) make the user confirm their password to make sure they typed the same thing twice and know their password

c) just change the input type and trust the user to not mess up their password and if they do they can always go back and type it again.

comment:7 janeforshort4 years ago

  • Milestone changed from 2.9 to Future Release

Punting due to schedule.

comment:8 wojtek.szkutnik4 years ago

  • Cc wojtek.szkutnik@… added

comment:9 wojtek.szkutnik4 years ago

a) is not very user-friendly for me
b) in my opinion password confirmations should be used for registration purposes only, when there's a bad user authentication data threat
I'd go with c), which is the best option out of the three simple solutions. However, one would expect a "check authentication data" button to make sure the login and password are valid.

wojtek.szkutnik4 years ago

comment:10 wojtek.szkutnik4 years ago

  • Cc wojtek.szkutnik@… removed
  • Keywords has-patch gsoc added; needs-patch removed

comment:11 nacin4 years ago

  • Keywords ux-feedback added

Seems sane to me.

comment:13 dd324 years ago

I'm not sure emiting the password in the HTML and setting it as type="password" is going to be the best, I'm certain we'd see a "Password shown to hackers!11!1" type report in that case...

If anything, I'd like to see the field shown blank/greyed down with a message explaining it. Upon option save, it'll be possible to check to see if the value submitted is non-empty and different from the current one.

Of course, the other option is to do type=password & echo * and just prevent updating the password to that value..

comment:14 dd324 years ago

at the same time, the password would be visible on options.php as well i believe.

comment:15 wojtek.szkutnik4 years ago

  • Cc wojtek.szkutnik@… added

comment:16 sabreuse15 months ago

  • Component changed from UI to Administration
  • Keywords ui-focus added; ux-feedback removed

See #22942 for discussion on deprecating and then removing Post By Email altogether: if that goes ahead, I don't think there will be much point in updating an interface that the majority of users won't see, and that hasn't caused complaints since this issue was raised. Until then, moving it as part of the UI cleanup.

comment:17 SergeyBiryukov15 months ago

Similar discussions for the installation screen: #3534, #5529.

The consensus was that the visible password allows the user to make sure it's typed correctly.

Last edited 15 months ago by SergeyBiryukov (previous) (diff)
Note: See TracTickets for help on using tickets.