WordPress.org

Make WordPress Core

Changes between Version 2 and Version 3 of Ticket #46349, comment 31


Ignore:
Timestamp:
06/04/2019 03:46:05 AM (3 years ago)
Author:
azaozz
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #46349, comment 31

    v2 v3  
    88It's used in just one place so this would work well.
    99
    10 Thinking it's not a good idea to do `delete_option( 'admin_email_lifespan' );` at the top of wp-login.php. If the option has been deleted, it will go to the DB to try and get it again, and that file may be a subject of brute force login attempts :)
     10Thinking it's not a good idea to do `delete_option( 'admin_email_lifespan' );` at the top of wp-login.php. If the option has been deleted, it will go to the DB to try and get it again, and that file may be a subject of brute force login attempts.
    1111
    1212Maybe we can keep the option and set it to some value (this is actually the "recommended way" to use options, make sure they exist at all times and don't change the value (write to the DB) for non-authenticated users). That will also remove the need to delete it.
    1313
     14Also wondering if plugins should be able to remove the whole check. This is a good security feature. If we add a filter for `ADMIN_EMAIL_MAX_AGE`, perhaps this should be hard-coded, not added with a filter on `'login_redirect'`.
     15
    1416The rest is minor/nitpicks :) Generally HTML tags should be avoided in translatable strings. Think there was something in the coding standards against nested single `if` (but may be mixing that with the JS linting/coding standards).
     17
     18