[wp-trac] [WordPress Trac] #43957: check_password_reset_key could use get_user_by instead of direct query
WordPress Trac
noreply at wordpress.org
Fri May 4 09:58:07 UTC 2018
#43957: check_password_reset_key could use get_user_by instead of direct query
------------------------------------+-----------------------------
Reporter: thomaslhotta | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 4.9.5
Severity: normal | Keywords:
Focuses: |
------------------------------------+-----------------------------
Hi
Just noticed, that {{{check_password_reset_key}}} is one of only a few
functions making a direct query to the users table. Wouldn't it be more
consistent to use the {{{get_user_by}}} function here. I came across this
because I am replacing the
{{{get_user_by}}} function with my own. Not being able to hook into the
user retrieval in {{{check_password_reset_key}}} forces me to take a
rather hackish approach by using the 'query' filter.
I cannot see any advantages of making a direct query aside from bypassing
the object cache. Maybe there is a security concern that I am not aware
of?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43957>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list