Passwords: Deprecate second parameter of `wp_new_user_notification()`.

The second parameter `$plaintext_pass` was removed in [33023] and restored as `$notify` in [33620] with a different behavior. If you have a plugin overriding `wp_new_user_notification()` which hasn't been updated you would get a notification with your username and the password "both". To prevent this the second parameter is now deprecated and reintroduced as the third parameter. Adds unit tests. Props kraftbj, adamsilverstein, welcher, ocean90. Fixes #33654. (Don't ask for new pluggables kthxbye) Built from https://develop.svn.wordpress.org/trunk@34116 git-svn-id: http://core.svn.wordpress.org/trunk@34084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 12:43:26 +00:00 · 2015-09-14 12:43:26 +00:00 · 4af3a3374e
parent 97c0303f41
commit 4af3a3374e
7 changed files with 17 additions and 11 deletions
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@ -176,7 +176,7 @@ function edit_user( $user_id = 0 ) {
 		$user_id = wp_update_user( $user );
 	} else {
 		$user_id = wp_insert_user( $user );
-		wp_new_user_notification( $user_id, 'both' );
+		wp_new_user_notification( $user_id, null, 'both' );
 	}
 	return $user_id;
 }
--- a/wp-admin/network/site-new.php
+++ b/wp-admin/network/site-new.php
@ -94,7 +94,7 @@ if ( wp_validate_action( 'add-site' ) ) {
 		if ( false === $user_id )
 			wp_die( __( 'There was an error creating the user.' ) );
 		else
-			wp_new_user_notification( $user_id, 'both' );
+			wp_new_user_notification( $user_id, null, 'both' );
 	}

 	$wpdb->hide_errors();
--- a/wp-admin/network/site-users.php
+++ b/wp-admin/network/site-users.php
@ -77,7 +77,7 @@ if ( $action ) {
 				if ( false === $user_id ) {
 		 			$update = 'err_new_dup';
 				} else {
-					wp_new_user_notification( $user_id, 'both' );
+					wp_new_user_notification( $user_id, null, 'both' );
 					add_user_to_blog( $id, $user_id, $_POST['new_role'] );
 					$update = 'newuser';
 				}
--- a/wp-admin/network/user-new.php
+++ b/wp-admin/network/user-new.php
@ -51,7 +51,7 @@ if ( wp_validate_action( 'add-user' ) ) {
 		if ( ! $user_id ) {
 	 		$add_user_errors = new WP_Error( 'add_user_fail', __( 'Cannot add user.' ) );
 		} else {
-			wp_new_user_notification( $user_id, 'both' );
+			wp_new_user_notification( $user_id, null, 'both' );
 			wp_redirect( add_query_arg( array('update' => 'added'), 'user-new.php' ) );
 			exit;
 		}
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -1690,16 +1690,22 @@ if ( !function_exists('wp_new_user_notification') ) :
 *
 * @since 2.0.0
 * @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`.
+ * @since 4.3.1 The `$plaintext_pass` parameter was deprecated. `$notify` added as a third parameter.
 *
 * @global wpdb         $wpdb      WordPress database object for queries.
 * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
 *
- * @param int    $user_id User ID.
- * @param string $notify  Optional. Type of notification that should happen. Accepts 'admin' or an empty
- *                        string (admin only), or 'both' (admin and user). The empty string value was kept
- *                        for backward-compatibility purposes with the renamed parameter. Default empty.
+ * @param int    $user_id    User ID.
+ * @param null   $deprecated Not used (argument deprecated).
+ * @param string $notify     Optional. Type of notification that should happen. Accepts 'admin' or an empty
+ *                           string (admin only), or 'both' (admin and user). The empty string value was kept
+ *                           for backward-compatibility purposes with the renamed parameter. Default empty.
 */
-function wp_new_user_notification( $user_id, $notify = '' ) {
+function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) {
+	if ( $deprecated !== null ) {
+		_deprecated_argument( __FUNCTION__, '4.3.1' );
+	}
+
 	global $wpdb, $wp_hasher;
 	$user = get_userdata( $user_id );

--- a/wp-includes/user-functions.php
+++ b/wp-includes/user-functions.php
@ -2012,7 +2012,7 @@ function register_new_user( $user_login, $user_email ) {

 	update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.

-	wp_new_user_notification( $user_id, 'both' );
+	wp_new_user_notification( $user_id, null, 'both' );

 	return $user_id;
 }
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.4-alpha-34115';
+$wp_version = '4.4-alpha-34116';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.