[wp-trac] [WordPress Trac] #45475: Use plugin-friendly is_user_logged_in() to determine logged-in/nopriv in admin-post.php
WordPress Trac
noreply at wordpress.org
Mon Dec 3 15:43:42 UTC 2018
#45475: Use plugin-friendly is_user_logged_in() to determine logged-in/nopriv in
admin-post.php
----------------------------+-----------------------------
Reporter: jmdodd | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: trunk
Severity: minor | Keywords: has-patch
Focuses: |
----------------------------+-----------------------------
/wp-admin/admin-post.php was introduced in r8315 and still uses the
function wp_validate_auth_cookie() to differentiate between logged-in and
nopriv actions today. /wp-admin/admin-ajax.php, introduced in r3660, uses
is_user_logged_in() to differentiate between the logged-in and nopriv
actions.
Using is_user_logged_in() allows a plugin to provide a different form of
authentication to set the user by filtering on determine_current_user in
_wp_get_current_user() whereas wp_validate_auth_cookie() does not, even
though it is already a default filter on determine_current_user. Both
admin-post.php and admin-ajax.php perform a similar role in wp-admin and
should have similar authentication paths.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45475>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list