Make WordPress Core

Opened 9 years ago

Last modified 8 months ago

#31830 reopened defect (bug)

Hard coded wp-login.php url in string

Reported by: lenasterg's profile lenasterg Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 3.0
Component: Login and Registration Keywords: needs-patch
Focuses: multisite Cc:

Description (last modified by sabernhardt)

I noticed that in
wp-includes/ms-functions.php (wpmu_welcome_notification)
the login url is hardcoded (wp-login.php) into the string.
This will create a problem if a multisite developer has chosen to change the login page url (for security reasons).

Thanks in advance

Change History (4)

#1 @jeremyfelt
9 years ago

  • Component changed from Users to Login and Registration
  • Version changed from trunk to 3.0

Hi lenasterg, thanks for opening a ticket!

It would be nice to change the reliance on wp-login.php as part of the URL. Right now the answer is to use a filter for the entire email through update_welcome_email.

Considering the version of the welcome email stored in the database has existed with BLOG_URLwp-login.php as part of it since pre-3.0, we would need to be careful making any changes. Even if with schema update, two versions of the email would need to be supported in order to maintain backward compatibility. It would be interesting to see a possible solution to this.

Introduced in [12603]

#2 @sabernhardt
3 years ago

  • Description modified (diff)
  • Keywords needs-patch added
  • Milestone set to Future Release

#3 @rajinsharwar
10 months ago

  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hey @lenasterg, thanks for your ticket! Let's track the issue on #56224, as that will, of course, cover the instance you mentioned. Marking this as a Duplicate of that ticket, so that we can fix the issue in the full core, rather than a single file one by one.

#4 @sabernhardt
8 months ago

  • Milestone set to Future Release
  • Resolution duplicate deleted
  • Status changed from closed to reopened

This change is quite different from other hardcoded wp-login.php instances, so it should be better to make a separate patch and test it on its own.

Note: See TracTickets for help on using tickets.