[wp-trac] [WordPress Trac] #47732: Change user email link
WordPress Trac
noreply at wordpress.org
Thu Jul 18 13:33:17 UTC 2019
#47732: Change user email link
----------------------------+-----------------------------
Reporter: stefanpejcic | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 5.2.2
Severity: normal | Keywords:
Focuses: administration |
----------------------------+-----------------------------
If you are not logged in, Email doesn't change when you click on confirm
link in the email.
Steps to reproduce:
1. From Users > profile add new email address
2. Log out of your wp-admin
3. Open the received email and click on the link to confirm the change
4. wp-admin asks for login, you input your username/password and click
login
the email address is not changed.
Another example, where I used 2 devices (mobile and pc):
1. From Users > profile add new email address
2. Switch to another device/browser where you are not logged into your
site
2. Open the received email and click on the link to confirm the change
3. wp-admin asks for login, you input your username/password and click
login
the email address is not changed.
I figured out that clicking the confirm link again while logged in does in
fact change the email address. Which might be a security feature that
checks if the user that is trying to change email address is logged in,
but shouldn't this work also after the user logs in?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47732>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list