[wp-trac] [WordPress Trac] #54481: User list doesn't honor allow_password_reset filter

WordPress Trac noreply at wordpress.org
Sun Nov 21 06:52:23 UTC 2021


#54481: User list doesn't honor allow_password_reset filter
----------------------------+-----------------------------
 Reporter:  desmith         |      Owner:  (none)
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Users           |    Version:  5.8.2
 Severity:  minor           |   Keywords:
  Focuses:  administration  |
----------------------------+-----------------------------
 In WP 5.7 or so, the user list (Users - All Users in the admin section)
 began to display a "Send password reset" link for users (other than
 yourself). On many of my sites, I have a filter like this:

 `add_filter('allow_password_reset', '__return_false');`

 (I use an outside authentication system, so the WP-local passwords aren't
 used for anything, and most users can't get to WordPress' own login screen
 anyway.)

 I expected the above filter also to suppress the links in the user list,
 but this appears not to be the case.

 The patch for this is simple enough (a few lines of new code around line
 279 in wp-admin/includes/class-wp-users-list-table.php), but before I
 write and test it, is this the best approach to fix this bug? i.e. is
 there anyone expecting that the ''allow_password_reset'' filter only
 applies to users doing self-service password resets, as opposed to admins
 sending resets on behalf of other users? If that's the case, this probably
 should be a separate filter or define of some sort.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/54481>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list