[wp-trac] [WordPress Trac] #35103: login_url Filter is now applied to Login Form Action Attribute

WordPress Trac noreply at wordpress.org
Wed Dec 16 03:01:29 UTC 2015 

#35103: login_url Filter is now applied to Login Form Action Attribute
------------------------------------+--------------------
 Reporter:  salcode                 |       Owner:
     Type:  defect (bug)            |      Status:  new
 Priority:  normal                  |   Milestone:  4.4.1
Component:  Login and Registration  |     Version:  4.4
 Severity:  normal                  |  Resolution:
 Keywords:                          |     Focuses:
------------------------------------+--------------------

Comment (by khag7):

 I have always understood `wp_login_url()` to mean "The url which one can
 visit to use a login form" but not necessarily the url to which the form
 data is posted.

 Previous to 4.4.0 the login form generated by `wp_login_form()` had the
 action hard coded to `wp-login.php`. This made it easy (and not uncommon)
 for users to have `wp_login_url()` filtered to point to a custom page. It
 was also easy for these users to have a shortcode put a login form on that
 page which draws from `wp_login_form()`. They didn't need to worry about
 making their page handle the posted data since the form was hard-coded to
 post the form submission to `wp-login.php`.

 The patch proposed in #34925 fixes the problem outlined there, but doesn't
 fix the bug described here. The desired action is that the function
 `wp_login_url` should not be used to get the url to which the form should
 be submitted. We need another way of determining the url to post the data
 to.

 I've written a function, `wp_login_handler_url()` which solves the problem
 here and the problem from the other ticket. Now we can use
 `wp_login_url()` and `wp_login_handler_url()` separately. By default, they
 are going to both be pointing at `wp-login.php`, but users can now filter
 `login_url` while still allowing the login form post data to be sent to
 `wp-login.php`.

 If we commit this patch, we could (and should) search through core files
 for use of `site_url('wp-login.php')` and instead use either
 `wp_login_handler_url` or `login_url` depending on the circumstance of
 use.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35103#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list