WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 3 years ago

#15473 closed defect (bug)

wp_login action can't deal with alternate auth mechanisms — at Version 1

Reported by: Otto42 Owned by:
Milestone: 3.3 Priority: normal
Severity: minor Version: 3.1
Component: Users Keywords: has-patch
Focuses: Cc:

Description (last modified by Otto42)

In the wp_signon function, the action hook for wp_login is called like this:
do_action('wp_login', $credentials['user_login']);

Problem is that $credentials['user_login'] is the content of the form field passed to it by the login screen. If an alternate authentication mechanism is used (like via Twitter or Facebook), then the action does not get the resulting user name that is logging in.

Fix:

If the $user variable is_a WP_User object, then the value passed to this action hook should be $user->user_login instead, so as to pass the login name of the authenticated user to the action.

Change History (2)

comment:1 Otto423 years ago

  • Description modified (diff)

Otto423 years ago

wp_login action hook fix

Note: See TracTickets for help on using tickets.