[wp-trac] [WordPress Trac] #19714: plugins which use the 'authenticate' hook unable to return errors
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 3 00:31:36 UTC 2012
#19714: plugins which use the 'authenticate' hook unable to return errors
--------------------------+-----------------------------
Reporter: willnorris | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
--------------------------+-----------------------------
The 'authenticate' hook is designed to allow functions to return either an
authenticated `WP_User` object (which will cause the user to be logged
in), or a `WP_Error` object, which will cause the errors to be displayed
to the user.

In practice, most plugins that use this hook don't rely on the username
and password at all, but instead on other means entirely. So what is
happening with these plugins (the OpenID plugin chief among them) is that
they are returning a `WP_Error` object that describes the error, but then
the `wp_authenticate_username_password` function is ignoring that and
returning its own `WP_Error` object which rightfully shows that the
username and password fields were left empty. Unfortunately, this error
object (containing both an empty username AND password) is explicitly
checked for and removed in the `wp_signon` method. This is normally the
right behavior and handles the case of a user who simply clicks "Log In"
without entering anything... we don't show them an error, we just redraw
the login form. However, in the case described above, an actual error did
occur with an authentication plugin, but the user simply sees the normal
login form with no error displayed.

(patch forthcoming)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19714>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
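
The flow described in this ticket, modelled as an added example (it is not WordPress core code and not the ticket's forthcoming patch). `Model_Error`, `plugin_authenticate`, `signon`, the `provider_failed` code and both `username_password_*` functions are stand-ins written for this illustration, and the pass-through variant is an assumed approach.

```php
<?php
// Simplified model of the 'authenticate' chain from the ticket; all names are stand-ins.
class Model_Error {
    public $errors = [];
    function add($code, $msg) { $this->errors[$code] = $msg; }
    function codes() { return array_keys($this->errors); }
}

// Hypothetical plugin callback that authenticates by other means and reports a failure.
function plugin_authenticate($user, $username, $password) {
    $e = new Model_Error();
    $e->add('provider_failed', 'The identity provider rejected the login.'); // constructed
    return $e;
}

// Behaviour the ticket reports: an error set earlier in the chain is ignored and
// replaced by the "empty field" errors.
function username_password_reported($user, $username, $password) {
    if ($username === '' || $password === '') {
        $e = new Model_Error();
        if ($username === '') $e->add('empty_username', 'The username field is empty.');
        if ($password === '') $e->add('empty_password', 'The password field is empty.');
        return $e;
    }
    return $user; // credential check omitted from this model
}

// Assumed alternative: keep an error that an earlier callback already returned.
function username_password_passthrough($user, $username, $password) {
    if ($user instanceof Model_Error) return $user;
    return username_password_reported($user, $username, $password);
}

// Models the sign-on step: an error holding exactly the two "empty" codes is blanked,
// so the login form is redrawn with no message.
function signon(array $chain, $username, $password) {
    $user = null;
    foreach ($chain as $callback) $user = $callback($user, $username, $password);
    if ($user instanceof Model_Error && $user->codes() == ['empty_username', 'empty_password']) {
        $user = new Model_Error();
    }
    return $user;
}

// The user submits nothing in the username/password fields (plugin-based login).
foreach (['username_password_reported', 'username_password_passthrough'] as $cb) {
    $result = signon(['plugin_authenticate', $cb], '', '');
    echo $cb, ': ', implode(',', $result->codes()) ?: '(no error shown)', "\n";
}
```

Run with the PHP CLI: the first line of output shows the plugin's error being lost, the second shows it reaching the login form.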