Opened 4 years ago
Last modified 3 years ago
#52721 new defect (bug)
No way to filter value of $credentials['remember'] in wp_signon
Reported by: | mirkolofio | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 1.5.1 |
Component: | Login and Registration | Keywords: | needs-patch |
Focuses: | Cc: |
Description
There are famous plugins out there using wp_signon and providing $credentials, so essentially $_POST values are completely ignored. Meanwhile, $credentials lacks of 'remember' value in these plugins, so for the wp_signon function means 'remember = false'.
If you want to force that remember = 1, there's only the wp_authenticate filter available which:
- is maybe deprecated?
- does not pass the remember value
So, basically, there is no way to filter the remember value, when the wp_signon function is not properly called by someone.
Change History (2)
#2
@
3 years ago
- Milestone changed from 5.8 to Future Release
With no traction on this ticket in the 5.8 release cycle and no patch/PR associated I'm going to punt to Future Release
. Once discussion can settle on the naming and approach such that a patch/PR can be crafted, then this ticket can get added back to a numbered milestone.
Hi @mirkolofio and welcome back to trac.
It looks like the
@todo
asking whether the filter should be deprecated was added in early 2014 as part of [27353].I think allowing the
remember me
setting to be filtered makes sense, both for the use case you describe and for plugins either wishing to enforce or prevent users from being remembered.My inclination is to deprecate the action and replace it with a filter (
wp_signon_credentials
maybe) that will allow plugin authors to modify the credentials array how they see fit.A search of the plugin repository shows 374 plugins are using the current action, the top five all have over one million installs, the top two over three million.
I'll move this on to the 5.8 milestone to start the discussion: