[wp-trac] [WordPress Trac] #57457: save_post hook fires on password reset?
WordPress Trac
noreply at wordpress.org
Fri Jan 13 13:15:01 UTC 2023
#57457: save_post hook fires on password reset?
--------------------------+-----------------------------
Reporter: Dudo | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.1.1
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Hello, I've just found out that on password reset, the
[https://developer.wordpress.org/reference/hooks/save_post/ save_post] hook
is invoked.
Of course, this can be easily fixed if is_admin() is used.
But, still, this should never run on wp-login.php?action=lostpassword.
To reproduce, just install this little plugin and then try to do a
password reset.
{{{#!php
<?php
/*
Plugin Name: Test
Plugin URI: url
Description: Just a test
Author: Dario Curvino
Version: 1.0.0
Author URI: http://dariocurvino.it
*/
// Using is_admin() will fix this
// if (is_admin()) {
add_action('save_post', static function () {
    // Halt the request whenever save_post fires for a user who cannot edit posts
    if (!current_user_can('edit_posts')) {
        wp_die('Why am I here?');
    }
});
// }
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57457>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform