[wp-trac] [WordPress Trac] #32373: Allow For execution of code before login processing

WordPress Trac noreply at wordpress.org
Thu May 21 13:26:11 UTC 2015


#32373: Allow For execution of code before login processing
--------------------------------------------+------------------------------
 Reporter:  Another Guy                     |       Owner:
     Type:  enhancement                     |      Status:  new
 Priority:  normal                          |   Milestone:  Awaiting Review
Component:  Security                        |     Version:  trunk
 Severity:  normal                          |  Resolution:
 Keywords:  dev-feedback 2nd-opinion close  |     Focuses:
--------------------------------------------+------------------------------

Comment (by Another Guy):

 DD32:  Actually, that comes close to it, but still requires that some pre-
 processing is done.  Also, it would still be in the nature of a "hack"
 rather than something properly sanctioned.  Also, your code would be
 executed on every page load (every time config is loaded) rather than
 being restricted to only areas where interaction can take place (logins,
 comments, etc).  While your solution is interesting, it's still a hack and
 not a proper application.

 chriscct7:  The point is that the code would be executed before any part
 of wordpress is loaded.  I put it (as an exmaple) at line 10 in wp-
 login.php.  That is before the bootstrap is called.  That means I am
 dealing with the incoming connection, all of it's request headers,
 methods, and such, and I can choose to filter based on any and all of them
 - including the actual IP and not the cloudflare network IP provided.

 As for htaccess, as I mentioned before, Cloudflare (and other cache
 services) replace the user IP and country with their own IP, which means
 you CANNOT use htaccess to control who can and cannot access different
 parts of your site.   Those IPs are shared with many users, so you cannot
 block one without blocking many.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/32373#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list