[wp-trac] Re: [WordPress Trac] #9682: Move wp-login.php function definitions to pluggable.php

WordPress Trac wp-trac at lists.automattic.com
Thu Apr 30 16:04:10 GMT 2009


#9682: Move wp-login.php function definitions to pluggable.php
--------------------------+-------------------------------------------------
 Reporter:  misterbisson  |       Owner:                                     
     Type:  enhancement   |      Status:  new                                
 Priority:  normal        |   Milestone:  2.8                                
Component:  Users         |     Version:  2.7.1                              
 Severity:  normal        |    Keywords:  has-patch needs-testing 2nd-opinion
--------------------------+-------------------------------------------------

Comment(by Denis-de-Bernardy):

 Replying to [comment:10 misterbisson]:
 > The retrieve_password_key action only gets fired if the
 user_activation_key in the users table is empty.
 >
 > The $key stored in the users table never expires (so far as I can tell).
 >
 > The $key stored in the users table will be re-used for future password
 resets (as far as I can tell).

 actually... it's unset in wp_set_password(). so that it only gets fired
 once -- until used up. this is probably desirable, too, so as to avoid
 getting repeated email if the form is the target of a robot.

 that it doesn't expire is a potential issue, but it's going to trigger
 such a debate in trac that it probably belongs in a separate ticket.


 > The password_reset action happens after the $key has been validated
 (preventing plugins from doing their own validation/expiration).

 shouldn't this be the job of a separate action? that way you get to keep
 the best of both worlds: if the user is sent an email by WP and an SMS,
 the first would send him to ?action=rp&key=foo, and the second would send
 him to ?action=smsrp&smskey=foo.

 you'd generate smskey on the fly on do_action(retrieve_password) or
 do_action(retrieve_password_key), whichever makes the most sense, and
 proceed as needed from there.

 you're correct on the has_filter. fixing this right away.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9682#comment:14>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list