[wp-trac] [WordPress Trac] #22114: Propagating password on change
WordPress Trac
noreply at wordpress.org
Tue Oct 7 07:01:46 UTC 2014
#22114: Propagating password on change
-----------------------------+------------------------------
 Reporter:  ChloeD           |       Owner:
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Users            |     Version:  3.4.2
 Severity:  normal           |  Resolution:
 Keywords:  has-patch        |     Focuses:
-----------------------------+------------------------------
Changes (by dd32):
* keywords: has-patch close 2nd-opinion => has-patch
Comment:
The patch seems sane to me, so +1 from me (although a filter rename to
`user_password_updated` wouldn't go astray IMHO).

There's no way around it - if you're implementing an SSO system where
WordPress users exist elsewhere, you need access to the plaintext
password, which you currently have by checking a variety of `$_POST`
fields.

Adding an action, clearly intended as a way to perform an action upon user
password updating (be it auditing, SSO, or invalidation) seems sane, and
having the user's password available on that hook seems appropriate.

Plugins have full rein over the environment already; it's not worth
pretending that the password is protected data that plugins shouldn't see.
We don't have the ability to hide it, or control what plugins do with it,
so instead we trust plugins that a user has installed on their site.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/22114#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform