[wp-trac] [WordPress Trac] #45475: Use plugin-friendly is_user_logged_in() to determine logged-in/nopriv in admin-post.php
WordPress Trac
noreply at wordpress.org
Tue Dec 4 02:51:45 UTC 2018
#45475: Use plugin-friendly is_user_logged_in() to determine logged-in/nopriv in
admin-post.php
----------------------------+------------------------------
Reporter: jmdodd | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 2.6
Severity: minor | Resolution:
Keywords: has-patch | Focuses:
----------------------------+------------------------------
Changes (by dd32):
* version: trunk => 2.6
* type: enhancement => defect (bug)
Comment:
I'm not sure why `wp_validate_auth_cookie()` was originally used here, as
it's definitely not the correct function. Using `is_user_logged_in()` as
done in [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/admin-
ajax.php#L153 admin-ajax.php] makes much more sense, as far as I can tell,
`admin-post.php` has never worked with alternative authentication
providers which use their own cookies.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45475#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list