[wp-trac] [WordPress Trac] #44683: Export and Erase personal data - emails sent to wrong address if username is an email address which is different from the actual email address
WordPress Trac
noreply at wordpress.org
Sat Mar 2 01:53:56 UTC 2019
#44683: Export and Erase personal data - emails sent to wrong address if username
is an email address which is different from the actual email address
------------------------------+------------------------------
Reporter: subrataemfluence | Owner: garrett-eclipse
Type: enhancement | Status: reviewing
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: | Focuses:
------------------------------+------------------------------
Changes (by garrett-eclipse):
* keywords: 2nd-opinion needs-unit-tests =>
* owner: desrosj => garrett-eclipse
* status: assigned => reviewing
Comment:
Thanks @subrataemfluence
This is related to #44347 and I feel needs to be addressed there. I was
able to reproduce the issue though but I feel it makes more sense to
introduce rigid controls over emails as usernames than it does to attempt
to anticipate it within the tools.
It's going to get confusing and potentially leak data to the wrong user
when usernames are emails but are of other users.
One thing I found potentially concerning was with registration open I was
able to signup a user using my admin email as their username.
I agree with @knutsp that usernames should prohibit the user of email
addresses. or at worst limit the username to be an exact match of their
email. I'm posting a note to the other ticket and leaving this open for
the time being in case those changes require anything to be done to the
Privacy tools.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44683#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list