WordPress.org

Make WordPress Core

Opened 6 years ago

Last modified 2 weeks ago

#31830 new defect (bug)

Hard coded wp-login.php url in string

Reported by: lenasterg Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 3.0
Component: Login and Registration Keywords: needs-patch
Focuses: multisite Cc:

Description (last modified by sabernhardt)

Hi.
I noticed that in
wp-includes/ms-functions.php (wpmu_welcome_notification)
the login url is hardcoded (wp-login.php) into the string.
This will create a problem if a multisite developer has chosen to change the login page url (for security reasons).

Thanks in advance
Lena

Change History (2)

#1 @jeremyfelt
6 years ago

  • Component changed from Users to Login and Registration
  • Version changed from trunk to 3.0

Hi lenasterg, thanks for opening a ticket!

It would be nice to change the reliance on wp-login.php as part of the URL. Right now the answer is to use a filter for the entire email through update_welcome_email.

Considering the version of the welcome email stored in the database has existed with BLOG_URLwp-login.php as part of it since pre-3.0, we would need to be careful making any changes. Even if with schema update, two versions of the email would need to be supported in order to maintain backward compatibility. It would be interesting to see a possible solution to this.

Introduced in [12603]

#2 @sabernhardt
2 weeks ago

  • Description modified (diff)
  • Keywords needs-patch added
  • Milestone set to Future Release
Note: See TracTickets for help on using tickets.