authentication errors from plugins sometimes get suppressed

[wnorris]

I've noticed that the new authentication code in WP 2.8 sometimes suppresses error messages from plugins which implement the 'authenticate' hook. This happens on wp-login.php when both the username and password fields are left empty.

The included patch does two things:

• modifies wp_authenticate_username_password to maintain existing WP_Error object if present. Also changes how wp_signon clears out the 'empty_username' and 'empty_password' errors, to ensure that any others are maintained (this last part could be made cleaner if WP_Error exposed a remove method)
• modifies the 'login_errors' and 'login_messages' filter calls in wp-login.php to pass the raw $wp_errors object as an optional second parameter

[miqrogroove]

renamed file by wnorris - for visibility

[miqrogroove]

wnorris, I don't think you've quite made the case for this patch.

Also changes how wp_signon clears out the 'empty_username' and 'empty_password' errors, to ensure that any others are maintained

As I understand the existing code, WordPress does not clear out the empty_username and empty_password items if other errors are present. This is made fairly obvious by the patch's attempt to unset errors in the context of an authentication failure. If you think there's a sane way to do that, it needs to be explained and documented.

[nacin]

Re-open with steps to reproduce.

[willnorris]

just leaving myself a note here that this is a duplicate of #19714