Changes between Version 1 and Version 2 of Ticket #31686, comment 7
- Timestamp:
- 08/06/2019 05:42:07 AM (5 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #31686, comment 7
v1 v2 16 16 }}} 17 17 18 It maybe possible that `wp_authenticate_username_password()` givesa chance to a WP_Error `$user` to still be authenticated if the `$username` and `$password` are provided. I'm just not sure if there's a good use-case for such scenario or if this is really an intended behaviour.18 It maybe possible that `wp_authenticate_username_password()` is design to give a chance to a WP_Error `$user` to still be authenticated if the `$username` and `$password` are provided. I'm just not sure if there's a good use-case for such scenario or if this is really an intended behaviour. 19 19 20 20 IMHO, if the `$user` passed is a WP_Error then it should immediately return the WP_Error. Like @kwisatz 's concern, this maybe a potential security hole.