[wp-trac] [WordPress Trac] #54481: User list doesn't honor allow_password_reset filter
WordPress Trac
noreply at wordpress.org
Sun Nov 21 06:52:23 UTC 2021
#54481: User list doesn't honor allow_password_reset filter
----------------------------+-----------------------------
Reporter: desmith | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 5.8.2
Severity: minor | Keywords:
Focuses: administration |
----------------------------+-----------------------------
In WP 5.7 or so, the user list (Users - All Users in the admin section)
began to display a "Send password reset" link for users (other than
yourself). On many of my sites, I have a filter like this:
`add_filter('allow_password_reset', '__return_false');`
(I use an outside authentication system, so the WP-local passwords aren't
used for anything, and most users can't get to WordPress' own login screen
anyway.)
I expected the above filter also to suppress the links in the user list,
but this appears not to be the case.
The patch for this is simple enough (a few lines of new code around line
279 in wp-admin/includes/class-wp-users-list-table.php), but before I
write and test it, is this the best approach to fix this bug? i.e. is
there anyone expecting that the ''allow_password_reset'' filter only
applies to users doing self-service password resets, as opposed to admins
sending resets on behalf of other users? If that's the case, this probably
should be a separate filter or define of some sort.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54481>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list