Make WordPress Core

Opened 13 years ago

Closed 12 years ago

Last modified 5 years ago

#15473 closed defect (bug) (fixed)

wp_login action can't deal with alternate auth mechanisms

Reported by: otto42's profile Otto42 Owned by: ryan's profile ryan
Milestone: 3.3 Priority: normal
Severity: minor Version: 3.1
Component: Users Keywords: has-patch
Focuses: Cc:

Description (last modified by Otto42)

In the wp_signon function, the action hook for wp_login is called like this:
do_action('wp_login', $credentials['user_login']);

Problem is that $credentials['user_login'] is the content of the form field passed to it by the login screen. If an alternate authentication mechanism is used (like via Twitter or Facebook), then the action does not get the resulting user name that is logging in.

Fix:

If the $user variable is_a WP_User object, then the value passed to this action hook should be $user->user_login instead, so as to pass the login name of the authenticated user to the action.

Attachments (2)

15473.diff (506 bytes) - added by Otto42 13 years ago.
wp_login action hook fix
15473.patch (407 bytes) - added by SergeyBiryukov 13 years ago.

Download all attachments as: .zip

Change History (10)

#1 @Otto42
13 years ago

  • Description modified (diff)

@Otto42
13 years ago

wp_login action hook fix

#2 @Otto42
13 years ago

  • Keywords has-patch added

#3 @nacin
13 years ago

  • Keywords 3.2-early added
  • Milestone changed from Awaiting Review to Future Release

#4 @Otto42
13 years ago

Bump. Any traction here? This change would help solve some problems for users wanting alternate login mechanisms, and it's backwards compatible.

#5 @matdumsa
13 years ago

  • Cc matdumsa@… added

#6 @SergeyBiryukov
13 years ago

  • Keywords 3.2-early removed
  • Milestone changed from Future Release to 3.3

Code reference: http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/user.php#L53

Wouldn't $user always be a WP_User object at this point, since WP_Error is handled earlier? We can probably skip the check.

15473.patch passes $user->user_login and adds $user as a second parameter, as suggested in #17085.

#7 @ryan
12 years ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In [18741]:

Pass the authenticated user_login to the wp_login action. Props Otto42, SergeyBiryukov. fixes #15473

This ticket was mentioned in Slack in #core-editor by nerrad. View the logs.


5 years ago

Note: See TracTickets for help on using tickets.