Opened 8 years ago
Last modified 7 years ago
#38898 reopened defect (bug)
Lost password form not working with plugins that rename login URL
Reported by: | Kent Brockman | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.6.1 |
Component: | Users | Keywords: | needs-patch |
Focuses: | administration, multisite | Cc: |
Description
When any given user, belonging to any given site within a Multisite environment, tries to recover their password, AND IF any security plugin which renamed the login URL is in place, the submission of that lost password form will fail because the form action has the wp-login.php URL hardcoded within. It should submit the form to the same URL you are currently on.
You can refer to this support thread to learn more:
https://wordpress.org/support/topic/bug-found-lost-password-form-outputting-incorrect-action-url-under-multisite/
So, the submit form URL in the wp-login.php file should be output programmatically rather than hardcoded.
Best regards
Marcelo
Change History (8)
#2, 8 years ago
Is this bug still on the radar?
Addition to the report:
The "forgot password" link below the login form goes to the main site's URL and not the current site's. And as stated above, the URLs specified in the action of the form on both the "forgot password" and "reset password" forms post to the main site and use "wp-login.php" instead of the changed path.
#3, 8 years ago
@jesperb
Looks like the current line in core for wp-login.php for the lost password.
https://github.com/WordPress/WordPress/blob/master/wp-login.php#L535
```php
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
```
So it will still go to the main site of the current network, not back to the subsite.
https://codex.wordpress.org/Function_Reference/network_site_url
#4, 8 years ago
Seems like there is a related core ticket for this: #21352.
Current workaround seems to be this.
https://gist.github.com/eteubert/293e07a49f56f300ddbb
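One way to keep the lost-password link and form on the current subsite, as an added example that is not WordPress core code and not the contents of the linked gist. It assumes a Multisite network, a must-use plugin file, and a login-rename plugin that rewrites `wp-login.php` through the `site_url` filter.

```php
<?php
/**
 * Added example (not core code, not the linked gist).
 * Assumption: saved as a must-use plugin on a Multisite network.
 */

// 1. "Lost your password?" link: build it from the current site, not the network.
add_filter( 'lostpassword_url', function ( $url, $redirect ) {
	$args = array( 'action' => 'lostpassword' );
	if ( ! empty( $redirect ) ) {
		$args['redirect_to'] = urlencode( $redirect );
	}
	// site_url() reads the subsite's stored "siteurl" option, so the result
	// stays on a registered site and does not depend on the Host header.
	return add_query_arg( $args, site_url( 'wp-login.php', 'login' ) );
}, 10, 2 );

// 2. Form action: wp-login.php calls
//    network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ).
//    Re-route only login-scheme URLs that target wp-login.php, so every other
//    network URL is returned untouched.
add_filter( 'network_site_url', function ( $url, $path, $scheme ) {
	$is_login_scheme = in_array( $scheme, array( 'login', 'login_post' ), true );
	$is_login_path   = 0 === strpos( ltrim( (string) $path, '/' ), 'wp-login.php' );

	if ( $is_login_scheme && $is_login_path ) {
		// Passing through site_url() also runs the "site_url" filter, which is
		// where a rename plugin is assumed to swap in its custom login path.
		return site_url( $path, $scheme );
	}

	return $url;
}, 10, 3 );
```

A rename plugin that does not hook `site_url` is not covered by this; check the rendered `action` attribute of the lost-password form on a subsite after installing it.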
#5, 8 years ago
- Resolution set to duplicate
- Status changed from new to closed
Was not a duplicate of #21352.
#7, in reply to: ↑ 6; follow-up: ↓ 8, 8 years ago
Replying to lukecavanagh:
Luke, this ticket is not a duplicate, because beyond the issues on #21352, this one is requesting the site to respect the login URL when it's not defaulted to wp-login.php.
Thanks
#8, in reply to: ↑ 7, 8 years ago
Yep I know, my mistake.
Replying to Kent Brockman:
Replying to lukecavanagh:
Luke, this ticket is not a duplicate, because beyond the issues on #21352, this one is requesting the site to respect the login URL when it's not defaulted to wp-login.php.
Thanks
Hi @Kent Brockman,
thx for the report!