[wp-trac] [WordPress Trac] #58407: resetpassword action on users.php (users list page) handles retrieve_password() return incorrectly
WordPress Trac
noreply at wordpress.org
Thu Oct 12 22:53:54 UTC 2023
#58407: resetpassword action on users.php (users list page) handles
retrieve_password() return incorrectly
-------------------------------------------------+-------------------------
Reporter: letraceursnork | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.4
Component: Users | Version: 6.2.2
Severity: trivial | Resolution:
Keywords: good-first-bug has-patch needs- | Focuses: ui,
testing | administration
-------------------------------------------------+-------------------------
Comment (by ironprogrammer):
Thank you, everyone, for helping move this ticket forward 🙌🏻
== Test Report
Patch tested (the initial approach discussed during the scrub in
comment:34 and comment:35):
https://core.trac.wordpress.org/attachment/ticket/58407/58407.diff 👍🏻
=== Steps to Reproduce and Test Patch
1. Prepare a password reset disablement plugin by creating a PHP file in
the `/wp-content/mu-plugins/` directory with these contents:
{{{#!php
<?php
// This filter is intentionally commented out until testing is required.
//add_filter( 'allow_password_reset', '__return_false' );
}}}
2. Navigate to ''Users > All Users''. If only one user exists (your
login), create another user to use for testing.
3. For users listed (other than yourself), note that "Send password reset"
should be an option. This should also be available in the "Bulk options"
dropdown above the list.
4. In the plugin file above, remove the comment from the `add_filter` line
to enable the filter, and save the file.
''REPRODUCE''
5. 👀 Click the "Send password reset" link for a user and observe the
displayed status message. Click the browser's Back button*.
6. 👀 Try the same by checking the boxes for one or more users and using
the bulk option "Send password reset" and clicking **Apply**.
''TEST PATCH''
7. 🩹 Apply patch.
8. 👀 Click the "Send password reset" link for a user and observe the
displayed status message. Click the browser's Back button*.
9. 👀 Try the same by checking the boxes for one or more users and using
the bulk option "Send password reset" and clicking **Apply**.
''*If during testing the links to "Send password reset" disappear and your
browser's Back button doesn't restore them, then re-comment out the
`add_filter` line in the plugin, save it, and refresh the page. Then
continue from Step 4.''
=== Environment
- Hardware: MacBook Pro Apple M1 Pro
- OS: macOS 13.6
- Browser: Safari 16.6
- Server: nginx/1.25.2
- PHP: 8.2.11
- WordPress: 6.4-beta4-56923-src
- Theme: twentytwentythree v1.2
- Active Plugins:
- test-trac-58407 (the test mu-plugin noted in Step 1)
=== Actual Results
- ✅ Issue reproduced: with password resets disabled, the status message
displayed is "Password reset link sent." (Figure 1).
- ✅ Issue resolved: after patch, with password resets disabled, the
status message is "Password reset links sent to 0 users." (Figure 2).
=== Supplemental Artifacts
''Figure 1: Issue reproduced.''
[[Image(https://cldup.com/c8Ukys-loI.thumb.png, 220px)]]
''Figure 2: After patch, issue resolved.''
[[Image(https://cldup.com/OiwSVcLdWf.thumb.jpg, 300px)]]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58407#comment:36>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list