[wp-trac] [WordPress Trac] #53634: Editing user in Dashboard and using "Send Reset Link " broken by retrieve_password()

WordPress Trac noreply at wordpress.org
Wed Oct 5 21:17:01 UTC 2022 

#53634: Editing user in Dashboard and using "Send Reset Link " broken by
retrieve_password()
----------------------------------------+-----------------------
 Reporter:  boblindner                  |       Owner:  pbearne
     Type:  defect (bug)                |      Status:  assigned
 Priority:  normal                      |   Milestone:  6.1
Component:  Users                       |     Version:
 Severity:  major                       |  Resolution:
 Keywords:  has-patch needs-unit-tests  |     Focuses:
----------------------------------------+-----------------------
Changes (by SergeyBiryukov):

 * keywords:  has-patch has-unit-tests => has-patch needs-unit-tests


Comment:

 Hi there, welcome to WordPress Trac! Thanks for the ticket, patches and
 the PRs.

 I think I would prefer [https://github.com/WordPress/wordpress-
 develop/pull/1536 PR 1536] here, as it attempts to fetch the user both by
 email and username, without adding a new parameter to the function.

 [https://github.com/WordPress/wordpress-develop/pull/2837 PR 2837] may
 look simpler, but I have a few concerns:
 * It doesn't feel right to pass an email to the function if the parameter
 is specifically documented as a username. Should the documentation be
 updated in that case?
 {{{
  * @param string $user_login Optional. Username to send a password
 retrieval email for.
  *                           Defaults to `$_POST['user_login']` if not
 set.
 }}}
 * This is not the only instance where core passes `user_login` to
 `retrieve_password()`, there is at least one other line in `wp-
 admin/users.php` that would need to be updated. In the future, we would
 also need to remember to pass an email to the function instead of a
 username.
 * While passing an email instead of username fixes this particular ticket,
 it would be a good idea to confirm that it does not cause unintentional
 breaking changes in other cases. Some unit tests would be helpful here.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/53634#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list