authentication errors from plugins sometimes get suppressed
|Reported by:||wnorris||Owned by:||ryan|
I've noticed that the new authentication code in WP 2.8 sometimes suppresses error messages from plugins which implement the 'authenticate' hook. This happens on wp-login.php when both the username and password fields are left empty.
The included patch does two things:
- modifies wp_authenticate_username_password to maintain existing WP_Error object if present. Also changes how wp_signon clears out the 'empty_username' and 'empty_password' errors, to ensure that any others are maintained (this last part could be made cleaner if WP_Error exposed a remove method)
- modifies the 'login_errors' and 'login_messages' filter calls in wp-login.php to pass the raw $wp_errors object as an optional second parameter
Change History (6)
- Keywords reporter-feedback added; authentication login plugins has-patch removed