Make wp_validate_auth_cookie() filterable
|Reported by:||sirzooro||Owned by:|
When WordPress loads, it does not call the same functions as when login form is submitted - instead it uses different ones to validate that authentication cookie is present and valid. Call stack is as follows:
settings.php WP::init() wp_get_current_user() get_currentuserinfo() wp_validate_auth_cookie()
When plugin wants to validate some extra things (e.g. decide if user can login by checking user meta), the only way is to replace one of functions defined in pluggable.php - wp_validate_auth_cookie() seems to be a good candidate for this. Unfortunately this can be done only once, so now it is impossible to use few plugins which wants to do some extra checks at the same time. Therefore I propose to extend the wp_validate_auth_cookie() function by adding validate_auth_cookie filter to it - see attached patch. It will allow to hook into the cookie validation process, without the need to replace pluggable function.