Make WordPress Core

Changes between Version 1 and Version 2 of Ticket #31686, comment 7


Ignore:
Timestamp:
08/06/2019 05:42:07 AM (5 years ago)
Author:
donmhico
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #31686, comment 7

    v1 v2  
    1616}}}
    1717
    18 It maybe possible that `wp_authenticate_username_password()` gives a chance to a WP_Error `$user` to still be authenticated if the `$username` and `$password` are provided. I'm just not sure if there's a good use-case for such scenario or if this is really an intended behaviour.
     18It maybe possible that `wp_authenticate_username_password()` is design to give a chance to a WP_Error `$user` to still be authenticated if the `$username` and `$password` are provided. I'm just not sure if there's a good use-case for such scenario or if this is really an intended behaviour.
    1919
    2020IMHO, if the `$user` passed is a WP_Error then it should immediately return the WP_Error. Like @kwisatz 's concern, this maybe a potential security hole.