Make WordPress Core

Opened 11 years ago

Closed 11 years ago

#24961 closed defect (bug) (fixed)

No error message when logging in without cookies enabled

Reported by: agoranet
Owned by: azaozz
Milestone: 3.7
Priority: normal
Severity: normal
Version:
Component: Administration
Keywords: has-patch needs-testing
Focuses:
Cc:

Description

Trying to log in with cookies disabled exhibits the following behavior:

  1. Logging in as admin or user using incorrect username and/or password = error message "Cookies are blocked..." displayed along with error message about login information being incorrect
  2. Logging in as admin or user using the correct username and password = no error messages at all

In the second case, we would expect that the error message "Cookies are blocked..." would still be displayed. Instead the page just reloads to the login screen with no indication of what went wrong with the login.

We tried deactivating all plugins and using the default theme, but still saw the issue. We can reproduce the issue as far back as WordPress 3.2 on various sites.

Attachments (1)

24961.patch (1.6 KB) - added by azaozz 11 years ago.


Change History (7)

#1 @azaozz
11 years ago

Confirmed. Seems the check for cookies has to be before wp_signon(), no point trying to set more cookies.

@azaozz
11 years ago

#2 @azaozz
11 years ago

  • Component changed from General to Administration
  • Milestone changed from Awaiting Review to 3.7

#3 @swissspidy
11 years ago

  • Keywords has-patch needs-testing added

#4 @desrosj
11 years ago

Patch solves the issue for me.

Just wanted to make sure it was intended, but if I use an existing username and enter an incorrect password pre-patch, it warns me the password is incorrect/or empty, and that I do not have cookies enabled.

After the patch, there is no warning for incorrect passwords, only that cookies are disabled.

Last edited 11 years ago by desrosj

#5 @nacin
11 years ago

> Just wanted to make sure it was intended, but if I use an existing username and enter an incorrect password pre-patch, it warns me the password is incorrect/or empty, and that I do not have cookies enabled.

I think if cookies are disabled, that's probably the only warning they need. They have to attempt the login again anyway after turning on cookies.

#6 @azaozz
11 years ago

  • Owner set to azaozz
  • Resolution set to fixed
  • Status changed from new to closed

In 25045:

In wp-login.php check if cookies are enabled before attempting to log the user in with wp_signon(), fixes #24961.
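
The ordering change discussed in this ticket, as an added stand-alone example that is not the code from 24961.patch or from WordPress core. The names `handle_login`, `authenticate`, `TEST_COOKIE_NAME`, the sample user, and the "bounced back to a clean login form" mechanism are assumptions made for illustration.

```php
<?php
// Added illustration only; every name here is hypothetical.
const TEST_COOKIE_NAME = 'site_test_cookie'; // assumed to be set when the login form is served

// Constructed one-user credential store for the demo.
function authenticate(string $user, string $pass): bool {
    static $users = null;
    if ($users === null) {
        $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    }
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

/**
 * Returns ['errors' => string[], 'redirect' => ?string].
 * $checkCookieFirst = false models the ordering in the report,
 * true models the ordering after the fix.
 */
function handle_login(array $post, array $cookies, bool $checkCookieFirst): array {
    $cookieMissing = empty($cookies[TEST_COOKIE_NAME]);

    if ($checkCookieFirst && $cookieMissing) {
        // A session cookie could not be stored, so credentials are never evaluated.
        return ['errors' => ['cookies_blocked'], 'redirect' => null];
    }

    if (authenticate($post['log'] ?? '', $post['pwd'] ?? '')) {
        // Success path: set session cookies and redirect. A browser that drops
        // the cookies arrives unauthenticated and lands on a clean login form.
        return ['errors' => [], 'redirect' => '/admin/'];
    }

    $errors = ['invalid_credentials'];
    if ($cookieMissing) {
        $errors[] = 'cookies_blocked';
    }
    return ['errors' => $errors, 'redirect' => null];
}

// All four combinations with cookies disabled (empty cookie array).
foreach ([false, true] as $fixed) {
    foreach (['wrong', 'correct horse'] as $pwd) {
        $r = handle_login(['log' => 'alice', 'pwd' => $pwd], [], $fixed);
        printf("%s pwd=%-13s errors=[%s] redirect=%s\n", $fixed ? 'after ' : 'before',
            $pwd, implode(',', $r['errors']), $r['redirect'] ?? '-');
    }
}
```

With the check first, both password cases return only the cookie error, which matches the post-patch behaviour described in comments #4 and #5.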
