[wp-trac] [WordPress Trac] #40065: Check for invalid user before `lostpassword_post` in `retrieve_password()`
WordPress Trac
noreply at wordpress.org
Fri May 4 01:18:16 UTC 2018
#40065: Check for invalid user before `lostpassword_post` in `retrieve_password()`
------------------------------------+------------------------------
Reporter: jfarthing84 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 4.7.3
Severity: normal | Resolution:
Keywords: has-patch dev-feedback | Focuses:
------------------------------------+------------------------------
Comment (by cormdas):
I would have liked to prevent information disclosure in login and password
retrieval forms by returning a generic message rather than one that
indicates whether or not a username/email is valid. However, this is not
possible because that one check can add an error after the filter is
called.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40065#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform