[wp-trac] [WordPress Trac] #32373: Allow For execution of code before login processing
WordPress Trac
noreply at wordpress.org
Thu May 21 13:26:11 UTC 2015
#32373: Allow For execution of code before login processing
--------------------------------------------+------------------------------
Reporter: Another Guy | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: dev-feedback 2nd-opinion close | Focuses:
--------------------------------------------+------------------------------
Comment (by Another Guy):
DD32: Actually, that comes close to it, but still requires that some pre-
processing is done. Also, it would still be in the nature of a "hack"
rather than something properly sanctioned. Also, your code would be
executed on every page load (every time config is loaded) rather than
being restricted to only areas where interaction can take place (logins,
comments, etc). While your solution is interesting, it's still a hack and
not a proper application.
chriscct7: The point is that the code would be executed before any part
of wordpress is loaded. I put it (as an exmaple) at line 10 in wp-
login.php. That is before the bootstrap is called. That means I am
dealing with the incoming connection, all of it's request headers,
methods, and such, and I can choose to filter based on any and all of them
- including the actual IP and not the cloudflare network IP provided.
As for htaccess, as I mentioned before, Cloudflare (and other cache
services) replace the user IP and country with their own IP, which means
you CANNOT use htaccess to control who can and cannot access different
parts of your site. Those IPs are shared with many users, so you cannot
block one without blocking many.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32373#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list