Opened 7 years ago
Last modified 4 years ago
#35177 new enhancement
Introduce a separate function for the login form action URL
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 4.4 |
| Component: | Login and Registration | Keywords: | has-patch |
| Focuses: | | Cc: | |
Description
I have always understood wp_login_url() to mean "The url which one can visit to use a login form" but not necessarily the url to which the form data is posted.

Previous to 4.4.0 the login form generated by wp_login_form() had the action hard coded to wp-login.php. This made it easy (and not uncommon) for users to have wp_login_url() filtered to point to a custom page. It was also easy for these users to have a shortcode put a login form on that page which draws from wp_login_form(). They didn't need to worry about making their page handle the posted data since the form was hard-coded to post the form submission to wp-login.php.

The patch proposed in #34925 fixes the problem outlined there, but doesn't fix the bug described here. The desired action is that the function wp_login_url should not be used to get the url to which the form should be submitted. We need another way of determining the url to post the data to.

I've written a function, wp_login_handler_url(), which solves the problem here and the problem from the other ticket. Now we can use wp_login_url() and wp_login_handler_url() separately. By default, they are going to both be pointing at wp-login.php, but users can now filter login_url while still allowing the login form post data to be sent to wp-login.php.

If we commit this patch, we could (and should) search through core files for use of site_url('wp-login.php') and instead use either wp_login_handler_url or login_url depending on the circumstance of use.

The spirit of the original change was good. We shouldn't have hard-coded references to wp-login.php; we should have a function and one place that can be filtered. And attempting to use the existing function, wp_login_url(), to get that url was a good idea, but it's obvious that two separate but similar functions are needed here.

Patch by khag7
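
A sketch of the separation the ticket asks for, added here as an illustration; it is not the patch attached to the ticket. The body of wp_login_handler_url(), the login_handler_url filter name, the /member-login/ slug and the member_login_form shortcode are assumptions.

```php
<?php
// Added illustration, not the patch attached to this ticket.

// 1. "Where do I go to log in?" The site owner moves it to a custom page.
//    '/member-login/' is an assumed slug.
add_filter( 'login_url', function ( $login_url, $redirect, $force_reauth ) {
    $url = home_url( '/member-login/' );
    if ( ! empty( $redirect ) ) {
        $url = add_query_arg( 'redirect_to', urlencode( $redirect ), $url );
    }
    return $url;
}, 10, 3 );

// 2. "Where are credentials POSTed?" Hypothetical body for the function the
//    ticket proposes; 'login_handler_url' is an assumed filter name.
if ( ! function_exists( 'wp_login_handler_url' ) ) {
    function wp_login_handler_url() {
        // 'login_post' lets site_url() apply the scheme used for login submissions.
        return apply_filters( 'login_handler_url', site_url( 'wp-login.php', 'login_post' ) );
    }
}

// 3. Shortcode for the custom page. The form action comes from the handler
//    function, so filtering 'login_url' cannot redirect the credential POST
//    to a page that does not process it.
add_shortcode( 'member_login_form', function () {
    $fallback = home_url( '/' );
    $redirect = ( isset( $_GET['redirect_to'] ) && is_string( $_GET['redirect_to'] ) )
        ? wp_validate_redirect( wp_unslash( $_GET['redirect_to'] ), $fallback )
        : $fallback;

    // Field names (log, pwd, redirect_to, wp-submit) are the ones wp-login.php reads.
    return sprintf(
        '<form method="post" action="%s">
            <p><label>Username <input type="text" name="log" autocomplete="username"></label></p>
            <p><label>Password <input type="password" name="pwd" autocomplete="current-password"></label></p>
            <input type="hidden" name="redirect_to" value="%s">
            <p><input type="submit" name="wp-submit" value="Log In"></p>
        </form>',
        esc_url( wp_login_handler_url() ),
        esc_attr( $redirect )
    );
} );
```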