[wp-trac] [WordPress Trac] #48153: Allow the admin email verification capability to be filtered
WordPress Trac
noreply at wordpress.org
Mon Sep 30 19:24:04 UTC 2019
#48153: Allow the admin email verification capability to be filtered
--------------------------+-----------------------------
Reporter: desrosj | Owner: desrosj
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 5.3
Component: Site Health | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch | Focuses: administration
--------------------------+-----------------------------
Comment (by azaozz):
Looking at this a bit more: we are also checking `current_user_can(
'manage_options' )` before outputting the email verification screen. Even
if we redirect a user without that capability (as in [46323]), they will
not be able to see the form, and will be redirected again to wp-admin/.
ToDo:
- Match the capability required to access Settings->General before
redirecting to the email verification screen. This is just for the
redirect, the user capabilities will be checked again before showing the
verification screen and again before letting them change the admin email
address (if selected).
- Add another filter for more granular control of who sees that screen.
Something like `show_admin_email_verification` from 48153.4.diff would
work well. Then plugins will be able to do additional capabilities checks
before redirecting and limit access for users, or to completely disable
showing of this screen. The same filter will need to be checked at the top
before outputting the verification screen.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48153#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list