Opened 7 weeks ago
Last modified 7 weeks ago
#52721 new defect (bug)
No way to filter value of $credentials['remember'] in wp_signon
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | 5.8 | Priority: | normal |
Severity: | normal | Version: | 1.5.1 |
Component: | Login and Registration | Keywords: | needs-patch |
Focuses: | Cc: |
Description
There are famous plugins out there using wp_signon and providing $credentials, so essentially $_POST values are completely ignored. Meanwhile, $credentials lacks of 'remember' value in these plugins, so for the wp_signon function means 'remember = false'.
If you want to force that remember = 1, there's only the wp_authenticate filter available which:
- is maybe deprecated?
- does not pass the remember value
So, basically, there is no way to filter the remember value, when the wp_signon function is not properly called by someone.
Change History (1)
Note: See
TracTickets for help on using
tickets.
Hi @mirkolofio and welcome back to trac.
It looks like the
@todo
asking whether the filter should be deprecated was added in early 2014 as part of [27353].I think allowing the
remember me
setting to be filtered makes sense, both for the use case you describe and for plugins either wishing to enforce or prevent users from being remembered.My inclination is to deprecate the action and replace it with a filter (
wp_signon_credentials
maybe) that will allow plugin authors to modify the credentials array how they see fit.A search of the plugin repository shows 374 plugins are using the current action, the top five all have over one million installs, the top two over three million.
I'll move this on to the 5.8 milestone to start the discussion: