[wp-trac] [WordPress Trac] #42967: New admin email change feature should be rolled back

WordPress Trac noreply at wordpress.org
Sat Dec 23 12:14:35 UTC 2017


#42967: New admin email change feature should be rolled back
-----------------------------+------------------------------
 Reporter:  johndeebdd       |       Owner:
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Security         |     Version:  4.9
 Severity:  normal           |  Resolution:
 Keywords:  close            |     Focuses:
-----------------------------+------------------------------
Changes (by Clorith):

 * keywords:   => close


Comment:

 @mark-k You do not need access to the old email address to change
 anything, you need access to the **new** address, which is where the
 confirmation email is sent from WordPress.

 Here's the current flow:

 - User is registered with the email address `username@hotmail.com`
 - User goes into their profile page in the WordPress admin
 - User edits the ''email'' field and changes it to `username@gmail.com`
 - WordPress sends an email to **`username@gmail.com`** with a link to
 click to confirm the address change
 - User clicks the link in the email to change their address
 - WordPress sends an email to `username@hotmail.com` with information that
 the address has now been changed to `username@gmail.com`

 No access to the old address is required, it is merely included in the
 flow as a courtesy (and security precaution, in case of a malicious change
 the user is now made aware of that change) to inform of an already
 completed change.

 ---

 Honestly, for the vast majority of users, this behavior isn't a problem
 (and for many, probably expected, as most services you encounter these days
 require email verification on edits), as such I would say this is a
 `wontfix` issue, as the behavior can be controlled via filters and actions
 for those unhappy with the implementation, but will leave it open for
 final input by the implementing developer.

 The `send_email_change_email` filter will allow you to prevent sending the
 email, and also provides you with the data the user supplied, this can be
 used to override things and store the new email straight away.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/42967#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
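The `send_email_change_email` filter the comment refers to, shown as an added example that is not part of the ticket or of WordPress core: a must-use plugin that keeps the courtesy notification to the old address switched on and records the old and new address for audit purposes. It assumes the filter's three arguments (the send flag, the stored user record as an array, and the submitted user data) as passed by `wp_update_user()`.

```php
<?php
/**
 * Plugin Name: Email change audit log (added example, not WordPress core)
 *
 * Place in wp-content/mu-plugins/ to activate. Hooks the
 * `send_email_change_email` filter, which receives the "send" flag,
 * the user's stored (old) record and the data the user just submitted,
 * so the change can be logged while the notification still goes out.
 */

add_filter(
    'send_email_change_email',
    function ( $send, $user, $userdata ) {
        // $user is the existing record (wp_update_user() passes an array),
        // $userdata carries the new values merged over it.
        $old = isset( $user['user_email'] ) ? $user['user_email'] : '';
        $new = isset( $userdata['user_email'] ) ? $userdata['user_email'] : '';

        // Only log an actual address change, not other profile edits.
        if ( '' !== $old && '' !== $new && $old !== $new ) {
            error_log( sprintf(
                'user %d email changed: %s -> %s (notification to old address: %s)',
                isset( $user['ID'] ) ? (int) $user['ID'] : 0,
                $old,
                $new,
                $send ? 'sent' : 'suppressed'
            ) );
        }

        // Returning false here would suppress the email to the old address,
        // which is the one signal the account owner receives if the change
        // was not made by them; leave the flag as WordPress set it.
        return $send;
    },
    10,
    3
);
```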

