[wp-trac] [WordPress Trac] #48879: Changing Site Admin Email Assumes Username and Who Took the Action (which may be incorrect)
WordPress Trac
noreply at wordpress.org
Wed Jul 7 16:52:34 UTC 2021
#48879: Changing Site Admin Email Assumes Username and Who Took the Action (which
may be incorrect)
----------------------------------------+-----------------------------
Reporter: MadtownLems | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Users | Version: 5.3
Severity: minor | Resolution:
Keywords: needs-patch good-first-bug | Focuses: multisite
----------------------------------------+-----------------------------
Comment (by MadtownLems):
The email message you have quoted is changing the email address of your
user account. This ticket is about changing the Site Administration email
address.
I confirmed this issue still exists on 5.8-RC-2
To reproduce:
1) Have a multisite environment.
2) Go to a subsite, Settings->General, and attempt to change the site
administration email address.
The newly entered site administration email address will get a message
that states:
"Howdy (USERNAME OF SOMEONE THAT MIGHT NOT BE THE ONE GETTING THIS EMAIL),
You recently requested to have..."
But again, this makes a huge assumption that the recipient of this email
took the action. When they didn't, this is a very concerning email, as it
makes people think that security has been compromised.
To summarize, the two issues with the email:
1) It is addressed to the username of the currently logged in user, even
when that user is changing the site administration email address to
someone else.
2) It says "YOU recently..." when there's no reason to believe that the
owner of the new site administration email address actually took the
action to trigger this email.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48879#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list