Make WordPress Core

Opened 7 years ago

Last modified 6 years ago

#40065 new enhancement

Check for invalid user before `lostpassword_post` in `retrieve_password()`

Reported by: jfarthing84
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 4.7.3
Component: Login and Registration
Keywords: has-patch dev-feedback
Focuses:
Cc:


Some errors are added before `lostpassword_post` and one is added after. It'd be nice if all of the errors were present when the action is called. This patch fixes that.

Attachments (1)

40065.patch (1.2 KB) - added by jfarthing84 7 years ago.

Change History (4)

#1 @jfarthing84
7 years ago

  • Keywords has-patch added

#2 @jfarthing84
6 years ago

  • Keywords dev-feedback added

#3 @cormdas
6 years ago

I would have liked to prevent information disclosure in login and password retrieval forms by returning a generic message rather than one that indicates whether or not a username/email is valid. However, this is not possible because that one check can add an error after the filter is called.
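
The ordering problem raised in this ticket and in comment #3, as an added example that is not part of the ticket, the attached patch or WordPress core. It is a simplified stand-alone PHP model: `retrieve_password_model()`, `find_user()`, the user table and the `generic_failure` callback are hypothetical, and the error codes are illustrative stand-ins.

```php
<?php
// Added illustration, not WordPress core code: a stand-alone model of the
// flow the ticket describes. Users and error codes are constructed stand-ins.
const USERS = ['alice' => 'alice@example.test'];

function find_user(string $input): ?string {
    if (strpos($input, '@') !== false) {
        $login = array_search($input, USERS, true);
        return $login === false ? null : $login;
    }
    return array_key_exists($input, USERS) ? $input : null;
}

// $hook stands in for callbacks on the lostpassword_post action and gets the
// error list by reference. $check_first selects the ordering the ticket asks for.
function retrieve_password_model(string $input, callable $hook, bool $check_first): array {
    $errors = [];
    $user = null;
    if ($input === '') {
        $errors[] = 'empty_username';
    } else {
        $user = find_user($input);
        if ($user === null && strpos($input, '@') !== false) {
            $errors[] = 'invalid_email';
        }
    }
    if ($check_first && !$errors && $user === null) {
        $errors[] = 'invalid_combo';   // requested order: present when the hook runs
    }
    $hook($errors);
    if (!$errors && $user === null) {
        $errors[] = 'invalid_combo';   // current order: added after the hook ran
    }
    return $errors;
}

// Hypothetical callback: replace any error with a single generic code.
$generic = function (array &$errors): void {
    if ($errors) {
        $errors = ['generic_failure'];
    }
};

foreach ([false, true] as $check_first) {
    foreach (['', 'nobody@example.test', 'nobody', 'alice'] as $input) {
        $out = retrieve_password_model($input, $generic, $check_first);
        printf("%-9s %-21s => %s\n", $check_first ? 'requested' : 'current',
            var_export($input, true), $out ? implode(',', $out) : '(no error)');
    }
}
```

In the current ordering only the unknown username `nobody` comes back as `invalid_combo` rather than `generic_failure`, because that error did not exist yet when the callback ran; with the check moved ahead of the hook, all three failing inputs return the same code.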