[wp-trac] [WordPress Trac] #35177: Introduce a separate function for the login form action URL

WordPress Trac noreply at wordpress.org
Mon Dec 21 03:34:54 UTC 2015 

#35177: Introduce a separate function for the login form action URL
------------------------------------+-----------------------------
 Reporter:  khag7                   |      Owner:
     Type:  enhancement             |     Status:  new
 Priority:  normal                  |  Milestone:  Awaiting Review
Component:  Login and Registration  |    Version:  4.4
 Severity:  normal                  |   Keywords:
  Focuses:                          |
------------------------------------+-----------------------------
 See #34925, #35103.

 I have always understood `wp_login_url()` to mean "The url which one can
 visit to use a login form" but not necessarily the url to which the form
 data is posted.

 Previous to 4.4.0 the login form generated by `wp_login_form()` had the
 action hard coded to `wp-login.php`. This made it easy (and not uncommon)
 for users to have `wp_login_url()` filtered to point to a custom page. It
 was also easy for these users to have a shortcode put a login form on that
 page which draws from `wp_login_form()`. They didn't need to worry about
 making their page handle the posted data since the form was hard-coded to
 post the form submission to `wp-login.php`.

 The patch proposed in #34925 fixes the problem outlined there, but doesn't
 fix the bug described here. The desired action is that the function
 `wp_login_url` should not be used to get the url to which the form should
 be submitted. We need another way of determining the url to post the data
 to.

 I've written a function, `wp_login_handler_url()` which solves the problem
 here and the problem from the other ticket. Now we can use
 `wp_login_url()` and `wp_login_handler_url()` separately. By default, they
 are going to both be pointing at `wp-login.php`, but users can now filter
 `login_url` while still allowing the login form post data to be sent to
 `wp-login.php`.

 If we commit this patch, we could (and should) search through core files
 for use of `site_url('wp-login.php')` and instead use either
 `wp_login_handler_url` or `login_url` depending on the circumstance of
 use.

 The spirit of the original change was good. We shouldn't have hard-coded
 references to wp-login.php, we should have a function and one place that
 can be filtered. And attempting to use the existing function,
 `wp_login_url()` to get that url was a good idea, but its obvious that two
 separate but similar functions are needed here.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35177>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list