#15473 closed defect (bug) (fixed)
wp_login action can't deal with alternate auth mechanisms
Reported by: | Otto42 | Owned by: | ryan |
---|---|---|---|
Milestone: | 3.3 | Priority: | normal |
Severity: | minor | Version: | 3.1 |
Component: | Users | Keywords: | has-patch |
Focuses: | Cc: |
Description (last modified by )
In the wp_signon function, the action hook for wp_login is called like this:
do_action('wp_login', $credentials['user_login']);
Problem is that $credentials['user_login']
is the content of the form field passed to it by the login screen. If an alternate authentication mechanism is used (like via Twitter or Facebook), then the action does not get the resulting user name that is logging in.
Fix:
If the $user variable is_a WP_User object, then the value passed to this action hook should be $user->user_login instead, so as to pass the login name of the authenticated user to the action.
Attachments (2)
Change History (10)
#4
@
13 years ago
Bump. Any traction here? This change would help solve some problems for users wanting alternate login mechanisms, and it's backwards compatible.
#6
@
13 years ago
- Keywords 3.2-early removed
- Milestone changed from Future Release to 3.3
Code reference: http://core.trac.wordpress.org/browser/tags/3.2.1/wp-includes/user.php#L53
Wouldn't $user
always be a WP_User
object at this point, since WP_Error
is handled earlier? We can probably skip the check.
15473.patch passes $user->user_login
and adds $user
as a second parameter, as suggested in #17085.
#7
@
13 years ago
- Owner set to ryan
- Resolution set to fixed
- Status changed from new to closed
In [18741]:
wp_login action hook fix