Opened 15 months ago

Last modified 3 weeks ago

#40065 new enhancement

Check for invalid user before `lostpassword_post` in `retrieve_password()`

Reported by: jfarthing84
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 4.7.3
Component: Login and Registration
Keywords: has-patch dev-feedback
Focuses:
Cc:

Description

Some errors are added before `lostpassword_post` and one is added after. It'd be nice if all of the errors were present when the action is called. This patch fixes that.

Attachments (1)

40065.patch (1.2 KB) - added by jfarthing84 15 months ago.

Change History (4)

@jfarthing84
15 months ago

#1 @jfarthing84
15 months ago

  • Keywords has-patch added

#2 @jfarthing84
4 months ago

  • Keywords dev-feedback added

#3 @cormdas
3 weeks ago

I would have liked to prevent information disclosure in login and password retrieval forms by returning a generic message rather than one that indicates whether or not a username/email is valid. However, this is not possible because that one check can add an error after the filter is called.