WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#33419 closed defect (bug) (fixed)

Cancelling password update on user-profile fails

Reported by: peterwilsoncc Owned by: adamsilverstein
Milestone: 4.3.1 Priority: normal
Severity: major Version: 4.3
Component: Users Keywords: has-patch commit fixed-major
Focuses: javascript, administration Cc:

Description

Cancelling a new password on the user profile form fails.

  1. Edit user profile
  2. Click Generate Password
  3. Click Cancel
  4. Submit the form
  5. New password is set

Prior to step 1, #pass1's value is empty; following step 3, #pass1 is set, #pass2 is empty.

Attachments (2)

33419.1.diff (430 bytes) - added by peterwilsoncc 6 years ago.
33419.2.diff (501 bytes) - added by SergeyBiryukov 6 years ago.

Download all attachments as: .zip

Change History (11)

@peterwilsoncc
6 years ago

#1 @peterwilsoncc
6 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 4.3.1
  • Severity changed from normal to major

33419.1.diff clears the password fields when a user clicks the cancel new password button on the profile page.

Setting milestone and upping severity as inadvertently setting a user's passwords seems to warrant it.

#2 @adamsilverstein
6 years ago

Good catch @peterwilsoncc, I will test the patch.

Related: #33450.

#3 @adamsilverstein
6 years ago

  • Focuses administration added
  • Keywords commit added
  • Owner set to adamsilverstein
  • Status changed from new to assigned

This looks good, thanks for catching and fixing this!

I tested this and verified: before the patch, clicking cancel then save resulted in a changed password. With the patch, performing the same sequence the password is not updated.

Thanks!

@SergeyBiryukov
6 years ago

#4 follow-up: @SergeyBiryukov
6 years ago

We could replace $( '#pass1' ) with $pass1, which is set earlier.

I've found another quirk:

  1. Click Generate Password.
  2. Enter a weak password (e.g. "123").
  3. Click Cancel.
  4. The Update User button is still inactive after clicking cancel, because "Confirm use of weak password" checkbox was not checked.

33419.2.diff fixes that too.

#5 in reply to: ↑ 4 @adamsilverstein
6 years ago

Nice improvements! Thank you.

Replying to SergeyBiryukov:

We could replace $( '#pass1' ) with $pass1, which is set earlier.

I've found another quirk:

  1. Click Generate Password.
  2. Enter a weak password (e.g. "123").
  3. Click Cancel.
  4. The Update User button is still inactive after clicking cancel, because "Confirm use of weak password" checkbox was not checked.

33419.2.diff fixes that too.

#6 @SergeyBiryukov
6 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 33766:

Prevent unintended password change after clicking "Generate Password" and then "Cancel" when editing a user profile.

props peterwilsoncc.
fixes #33419 for trunk.

#7 @SergeyBiryukov
6 years ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

#8 @SergeyBiryukov
6 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 33980:

Prevent unintended password change after clicking "Generate Password" and then "Cancel" when editing a user profile.

Merges [33766] to the 4.3 branch.

Props peterwilsoncc.
Fixes #33419 for 4.3.1.

#9 @SergeyBiryukov
5 years ago

In 38494:

Users: After [33766], don't reset the password when clicking "Show Password" and then "Cancel" on Add New User screen.

Props smerriman for reporting.
Fixes #37902. See #33419.

Note: See TracTickets for help on using tickets.