[wp-trac] [WordPress Trac] #56372: unexpected behavior user.php wp_update_user() detects change in password when there is no change
WordPress Trac
noreply at wordpress.org
Mon Aug 15 18:45:50 UTC 2022
#56372: unexpected behavior user.php wp_update_user() detects change in password
when there is no change
--------------------------+-------------------------
Reporter: HamishAhern | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Users | Version: 6.0
Severity: normal | Resolution: worksforme
Keywords: | Focuses:
--------------------------+-------------------------
Comment (by SergeyBiryukov):
Replying to [comment:2 HamishAhern]:
> so do you still say its not a common issue now? and that this is not the
first report of this. I am probably just the first to look for the root
cause.
I'm sorry for bad phrasing on my part, I did not mean to downplay the
issue. Just wanted to note that for the ticket to move forward, it would
be good to have the steps to reproduce it on a clean install, as it seems
that the issue could be related to a plugin or theme calling
`wp_update_user()` with a password that is in some way different, whether
intentionally or not.
The changes in question appear to have been made seven years ago in 2015:
* [32820] / #32430 introduced sending an email when a user's email address
or password is changed.
* [35116] / #28435 added a conditional check to avoid accidentally double-
hashing the password.
It's absolutely possible that there's an issue here, either in code or
documentation, so if anyone would like to follow up with more details,
please feel free to reopen.
> there is even a webpage article created about it. so that developers can
work around it.
> https://wordpress.org/support/topic/turn-off-admin-notification-of-user-
password-change/
That support topic says that they get an email every time one of their
users ''does'' change the password, which can happen quite often on a
large site, and they just want a way to disable it. It does not say that
they still get an email when there is no change, so it does not seem the
same to me.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56372#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list