[wp-trac] [WordPress Trac] #42967: New admin email change featuer should be rolled back
WordPress Trac
noreply at wordpress.org
Sat Dec 23 04:06:31 UTC 2017
#42967: New admin email change featuer should be rolled back
-----------------------------+------------------------------
Reporter: johndeebdd | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.9
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by knutsp):
Why would anyone bother change the email address if the server can't send
emails? In such case any stored email address, for the site or for users,
are completely unusable.
A confirmation is sent to the new address, as a kind of sanitation of the
email address. The old address is not involved in this process. If the
confirmation cannot be received by the admin there is no point in
committing the change.
A lot of applications use some extra, or repeated, credentials to change
certain settings. All changes of all email addresses in any system should
be confirmed by proving you can receive a message by it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42967#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list