[wp-trac] [WordPress Trac] #54481: User list doesn't honor allow_password_reset filter
WordPress Trac
noreply at wordpress.org
Tue Nov 23 18:13:00 UTC 2021
#54481: User list doesn't honor allow_password_reset filter
--------------------------+------------------------------
Reporter: desmith | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 5.8.2
Severity: minor | Resolution:
Keywords: | Focuses: administration
--------------------------+------------------------------
Comment (by SergeyBiryukov):
Replying to [comment:2 desmith]:
> As a newbie question, what is the correct way to handle the bulk
dropdown? (Assuming ''allow_password_reset'' is a per-user flag, which is
implied by the current filter, if it's in the bulk dropdown it would
succeed for some users but fail for others.)
Ah, good point. We might want to leave the bulk actions dropdown as is
then.
> Since ''allow_password_reset'' can take a user ID, does that imply that
there are cases (now or in the future) where a given user may be able to
reset some other users' passwords, but not those of other users?
Yes, I think that would be currently possible by returning `true` or
`false` depending on the current user and the passed user ID value.
> As another newbie question, where would a hypothetical
is_password_reset_allowed() function go? My first guess would be wp-
includes/user.php, probably near the existing get_password_reset_key(),
but I've been burned before by not understanding which of the many many WP
files are which.
My suggestion would be directly above `get_password_reset_key()`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54481#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list