WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 23 months ago

#35177 new enhancement

Introduce a separate function for the login form action URL

Reported by: khag7 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.4
Component: Login and Registration Keywords: has-patch
Focuses: Cc:

Description

See #34925, #35103.

I have always understood wp_login_url() to mean "The url which one can visit to use a login form" but not necessarily the url to which the form data is posted.

Previous to 4.4.0 the login form generated by wp_login_form() had the action hard coded to wp-login.php. This made it easy (and not uncommon) for users to have wp_login_url() filtered to point to a custom page. It was also easy for these users to have a shortcode put a login form on that page which draws from wp_login_form(). They didn't need to worry about making their page handle the posted data since the form was hard-coded to post the form submission to wp-login.php.

The patch proposed in #34925 fixes the problem outlined there, but doesn't fix the bug described here. The desired action is that the function wp_login_url should not be used to get the url to which the form should be submitted. We need another way of determining the url to post the data to.

I've written a function, wp_login_handler_url() which solves the problem here and the problem from the other ticket. Now we can use wp_login_url() and wp_login_handler_url() separately. By default, they are going to both be pointing at wp-login.php, but users can now filter login_url while still allowing the login form post data to be sent to wp-login.php.

If we commit this patch, we could (and should) search through core files for use of site_url('wp-login.php') and instead use either wp_login_handler_url or login_url depending on the circumstance of use.

The spirit of the original change was good. We shouldn't have hard-coded references to wp-login.php, we should have a function and one place that can be filtered. And attempting to use the existing function, wp_login_url() to get that url was a good idea, but its obvious that two separate but similar functions are needed here.

Attachments (1)

35177.patch (2.8 KB) - added by johnbillion 2 years ago.
Patch by khag7

Download all attachments as: .zip

Change History (3)

@johnbillion
2 years ago

Patch by khag7

#1 @johnbillion
2 years ago

  • Keywords has-patch added

This ticket was mentioned in Slack in #core by xtremefaith. View the logs.


23 months ago

Note: See TracTickets for help on using tickets.