[wp-trac] [WordPress Trac] #3708: wp_login is too "friendly" -- Information disclosure
WordPress Trac
noreply at wordpress.org
Sat Mar 16 15:21:32 UTC 2019
#3708: wp_login is too "friendly" -- Information disclosure
--------------------------------------+----------------------
Reporter: charleshooper | Owner: (none)
Type: defect (bug) | Status: closed
Priority: low | Milestone:
Component: Security | Version: 2.2
Severity: trivial | Resolution: wontfix
Keywords: security login has-patch |
--------------------------------------+----------------------
Comment (by afercia):
In [changeset:"44918" 44918]:
{{{
#!CommitTicketReference repository="" revision="44918"
Accessibility: Login: Display error messages when both the username and
password fields are empty.
For accessibility and usability, if an input error is detected, the item
that is in error needs to be identified and the error needs to be
described to the user in text (WCAG Success Criterion 3.3.1). The login
form displays an error when the username field is empty or when the
password field is empty. It omits to do so when both fields are empty.
This change restores the login form behavior to the one that used to work
in WordPress 2.3 (!) and displays the related error messages also when
both fields are empty.
Props birgire, audrasjb.
See #8938, #5405, #3708.
Fixes #42985.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/3708#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list