Opened 7 years ago
Last modified 7 years ago
#43957 new enhancement
check_password_reset_key could use get_user_by instead of direct query
Reported by: | thomaslhotta | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.9.5 |
Component: | Login and Registration | Keywords: | |
Focuses: | | Cc: | |
Description
Hi
Just noticed that check_password_reset_key is one of only a few functions making a direct query to the users table. Wouldn't it be more consistent to use the get_user_by function here? I came across this because I am replacing the get_user_by function with my own. Not being able to hook into the user retrieval in check_password_reset_key forces me to take a rather hackish approach by using the 'query' filter.
I cannot see any advantages of making a direct query aside from bypassing the object cache. Maybe there is a security concern that I am not aware of?
Note: See TracTickets for help on using tickets.
To my understanding, direct database queries are mainly used when we intend to pull values from one or more columns in a table which are indexed in order to gain more speed. In wp_users table the indexed columns are: ID, user_login, user_nicename and user_email. Since check_password_reset_key function deals with user_login column, probably that's the reason a direct database query is used.