From 4af3a3374e5090f09d62edd69abca8a302af16eb Mon Sep 17 00:00:00 2001 From: Dominik Schilling Date: Mon, 14 Sep 2015 12:43:26 +0000 Subject: [PATCH] Passwords: Deprecate second parameter of `wp_new_user_notification()`. The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both". To prevent this the second parameter is now deprecated and reintroduced as the third parameter. Adds unit tests. Props kraftbj, adamsilverstein, welcher, ocean90. Fixes #33654. (Don't ask for new pluggables kthxbye) Built from https://develop.svn.wordpress.org/trunk@34116 git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/user.php | 2 +- wp-admin/network/site-new.php | 2 +- wp-admin/network/site-users.php | 2 +- wp-admin/network/user-new.php | 2 +- wp-includes/pluggable.php | 16 +++++++++++----- wp-includes/user-functions.php | 2 +- wp-includes/version.php | 2 +- 7 files changed, 17 insertions(+), 11 deletions(-) diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php index 5c12d3d265..6a5ccdbc53 100644 --- a/wp-admin/includes/user.php +++ b/wp-admin/includes/user.php @@ -176,7 +176,7 @@ function edit_user( $user_id = 0 ) { $user_id = wp_update_user( $user ); } else { $user_id = wp_insert_user( $user ); - wp_new_user_notification( $user_id, 'both' ); + wp_new_user_notification( $user_id, null, 'both' ); } return $user_id; } diff --git a/wp-admin/network/site-new.php b/wp-admin/network/site-new.php index c5fa157a98..46be489945 100644 --- a/wp-admin/network/site-new.php +++ b/wp-admin/network/site-new.php @@ -94,7 +94,7 @@ if ( wp_validate_action( 'add-site' ) ) { if ( false === $user_id ) wp_die( __( 'There was an error creating the user.' ) ); else - wp_new_user_notification( $user_id, 'both' ); + wp_new_user_notification( $user_id, null, 'both' ); } $wpdb->hide_errors(); diff --git a/wp-admin/network/site-users.php b/wp-admin/network/site-users.php index eb692f5b6d..f3a75ae3f5 100644 --- a/wp-admin/network/site-users.php +++ b/wp-admin/network/site-users.php @@ -77,7 +77,7 @@ if ( $action ) { if ( false === $user_id ) { $update = 'err_new_dup'; } else { - wp_new_user_notification( $user_id, 'both' ); + wp_new_user_notification( $user_id, null, 'both' ); add_user_to_blog( $id, $user_id, $_POST['new_role'] ); $update = 'newuser'; } diff --git a/wp-admin/network/user-new.php b/wp-admin/network/user-new.php index f2ccbb8abe..52e4d9fa7e 100644 --- a/wp-admin/network/user-new.php +++ b/wp-admin/network/user-new.php @@ -51,7 +51,7 @@ if ( wp_validate_action( 'add-user' ) ) { if ( ! $user_id ) { $add_user_errors = new WP_Error( 'add_user_fail', __( 'Cannot add user.' ) ); } else { - wp_new_user_notification( $user_id, 'both' ); + wp_new_user_notification( $user_id, null, 'both' ); wp_redirect( add_query_arg( array('update' => 'added'), 'user-new.php' ) ); exit; } diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index d1a3dfe9ff..b53a233ea8 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -1690,16 +1690,22 @@ if ( !function_exists('wp_new_user_notification') ) : * * @since 2.0.0 * @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`. + * @since 4.3.1 The `$plaintext_pass` parameter was deprecated. `$notify` added as a third parameter. * * @global wpdb $wpdb WordPress database object for queries. * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance. * - * @param int $user_id User ID. - * @param string $notify Optional. Type of notification that should happen. Accepts 'admin' or an empty - * string (admin only), or 'both' (admin and user). The empty string value was kept - * for backward-compatibility purposes with the renamed parameter. Default empty. + * @param int $user_id User ID. + * @param null $deprecated Not used (argument deprecated). + * @param string $notify Optional. Type of notification that should happen. Accepts 'admin' or an empty + * string (admin only), or 'both' (admin and user). The empty string value was kept + * for backward-compatibility purposes with the renamed parameter. Default empty. */ -function wp_new_user_notification( $user_id, $notify = '' ) { +function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) { + if ( $deprecated !== null ) { + _deprecated_argument( __FUNCTION__, '4.3.1' ); + } + global $wpdb, $wp_hasher; $user = get_userdata( $user_id ); diff --git a/wp-includes/user-functions.php b/wp-includes/user-functions.php index 1feac3be04..e1b933e6cf 100644 --- a/wp-includes/user-functions.php +++ b/wp-includes/user-functions.php @@ -2012,7 +2012,7 @@ function register_new_user( $user_login, $user_email ) { update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag. - wp_new_user_notification( $user_id, 'both' ); + wp_new_user_notification( $user_id, null, 'both' ); return $user_id; } diff --git a/wp-includes/version.php b/wp-includes/version.php index 6a68e0c790..fa2f397d7d 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-alpha-34115'; +$wp_version = '4.4-alpha-34116'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.