[wp-trac] [WordPress Trac] #45475: Use plugin-friendly is_user_logged_in() to determine logged-in/nopriv in admin-post.php

WordPress Trac noreply at wordpress.org
Tue Dec 4 02:51:45 UTC 2018


#45475: Use plugin-friendly is_user_logged_in() to determine logged-in/nopriv in
admin-post.php
----------------------------+------------------------------
 Reporter:  jmdodd          |       Owner:  (none)
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Administration  |     Version:  2.6
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:
----------------------------+------------------------------
Changes (by dd32):

 * version:  trunk => 2.6
 * type:  enhancement => defect (bug)


Comment:

 I'm not sure why `wp_validate_auth_cookie()` was originally used here, as
 it's definitely not the correct function. Using `is_user_logged_in()` as
 done in [https://core.trac.wordpress.org/browser/trunk/src/wp-admin/admin-
 ajax.php#L153 admin-ajax.php] makes much more sense, as far as I can tell,
 `admin-post.php` has never worked with alternative authentication
 providers which use their own cookies.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45475#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list