[wp-trac] [WordPress Trac] #48879: Changing Site Admin Email Assumes Username and Who Took the Action (which may be incorrect)

WordPress Trac noreply at wordpress.org
Wed Jul 7 16:52:34 UTC 2021


#48879: Changing Site Admin Email Assumes Username and Who Took the Action (which
may be incorrect)
----------------------------------------+-----------------------------
 Reporter:  MadtownLems                 |       Owner:  (none)
     Type:  enhancement                 |      Status:  new
 Priority:  normal                      |   Milestone:  Future Release
Component:  Users                       |     Version:  5.3
 Severity:  minor                       |  Resolution:
 Keywords:  needs-patch good-first-bug  |     Focuses:  multisite
----------------------------------------+-----------------------------

Comment (by MadtownLems):

 The email message you have quoted is changing the email address of your
 user account. This ticket is about changing the Site Administration email
 address.

 I confirmed this issue still exists on 5.8-RC-2

 To reproduce:

 1) Have a multisite environment.
 2) Go to a subsite, Settings->General, and attempt to change the site
 administration email address.

 The newly entered site administration email address will get a message
 that states:

 "Howdy (USERNAME OF SOMEONE THAT MIGHT NOT BE THE ONE GETTING THIS EMAIL),

 You recently requested to have..."

 But again, this makes a huge assumption that the recipient of this email
 took the action. When they didn't, this is a very concerning email, as it
 makes people think that security has been compromised.



 To summarize, the two issues with the email:

 1) It is addressed to the username of the currently logged in user, even
 when that user is changing the site administration email address to
 someone else.
 2) It says "YOU recently..." when there's no reason to believe that the
 owner of the new site administration email address actually took the
 action to trigger this email.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48879#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list