WordPress 4.3.1 changed wp_new_user_notification() again, conflicting s2member v150827

[bridgeport]

The change in WordPress 4.3.1 wp_new_user_notification() pluggable function effectively undoes the fix in the latest s2member version, which was extensively discussed in issue #689

v150827
(s2Member/s2Member Pro) WordPress v4.3 Compat./Bug Fix This release of s2Member alters the way New User Notification Emails are sent, and in how they should be formatted in WordPress v4.3+.

The New User Notification Email is now sent (to a user) only if they did not set a Custom Password during their registration; i.e., only if they need this email to set their password for the first time. In short, s2Member now follows the same approach used by WordPress v4.3+.

Settings to reproduce:

General Options > Email Configuration > New User Email Configuration > No (default, use WordPress defaults)

General Options > Registration/Profile Fields & Options > Allow Custom Passwords During Registration > Yes

Following a checkout where a user chooses their own password, the following is emailed to the user:

Email subject:

[Site Name] Your username and password info

Email body:

Username: johndoe

To set your password, visit the following address:

https://example.com/wp-login.php?action=rp&key=zbbbtvqzynH4fgaqgy6m&login=johndoe

https://example.com/wp-login.php

If a user is setting their own password upon registration, the above obviously shouldn't be sent.

The pluggable wp_new_user_notification() function arguments changed again, as documented here:
Passwords: Deprecate second parameter of wp_new_user_notification().

Version 4.3 function with two arguments:

/**
 * Email login credentials to a newly-registered user.
 *
 * A new user registration notification is also sent to admin email.
 *
 * @since 2.0.0
 * @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`.
 *
 * @param int    $user_id User ID.
 * @param string $notify  Whether admin and user should be notified ('both') or
 *                        only the admin ('admin' or empty).
 */
function wp_new_user_notification( $user_id, $notify = '' ) {}

Version 4.3.1 function with three arguments (middle argument deprecated):

/**
 * Email login credentials to a newly-registered user.
 *
 * A new user registration notification is also sent to admin email.
 *
 * @since 2.0.0
 * @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`.
 * @since 4.3.1 The `$plaintext_pass` parameter was deprecated. `$notify` added as a third parameter.
 *
 * @global wpdb         $wpdb      WordPress database object for queries.
 * @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
 *
 * @param int    $user_id    User ID.
 * @param null   $deprecated Not used (argument deprecated).
 * @param string $notify     Optional. Type of notification that should happen. Accepts 'admin' or an empty
 *                           string (admin only), or 'both' (admin and user). The empty string value was kept
 *                           for backward-compatibility purposes with the renamed parameter. Default empty.
 */
function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' ) {}

I assume there's a possibility that WordPress will eventually remove the second $deprecated argument, which would reintroduce this issue, unless s2member were modified to expect the third $notify argument to always be the last argument.

Thanks.

[jaswrks]

Thanks for the very detailed report. Really appreciate it!

[robertkreuz]

Hello, it seems the $deprecated argument is not the only issue.

For a couple of hours I checked different solutions - without luck.

I did reorder second and third argument in the pluggable.php - no succsess.
I take over old code of wp_new_user_notification from the last running backuped pluggable.php - no succsess.
I tried the code suggested in this post:
https://wordpress.org/support/topic/new-user-email-not-being-sent-2?replies=10
I tried this direct in pluggable.php and with a own php in my MUST USE-Plugin folder - no succsess.

And If S2 Member is working on that, please give back the posibility, that a wordpress generated password is send to a new user direct after registration! The new way with a link is a) not as save as before. B) It is definitly not user friendly and a mess if you want to earn money with your blog.

Let me say, that is very very annoying, if hyperactiv wordpress-developer force users into changing their stable running system. The ours of testing and bug isolation, will nobody pay.
I know thats happend all to make wordpress more safe. But the result is now:

I have to allowed New User that they can set their own password direct in the registration process and thats not more safe!

[raamdev]

I have successfully confirmed and reproduced @bridgeport's bug report as he described. Custom Passwords + WordPress defaults for New User Email Configuration = "Your username and password info" email being sent anyway with a "To set your password" link.

Tested with WordPress v4.3.1 + s2Member Pro v150827

[robertkreuz]

Thanks for working on it.

[kristineds]

Also reported here: https://websharks.zendesk.com/agent/tickets/8469

[renzms]

Also reported here: https://websharks.zendesk.com/agent/tickets/8443

[renzms]

Also reported here: https://websharks.zendesk.com/agent/tickets/8445