[wp-trac] [WordPress Trac] #52439: 'authenticate' filters ignore WP_Error case
WordPress Trac
noreply at wordpress.org
Wed Feb 3 21:49:15 UTC 2021
#52439: 'authenticate' filters ignore WP_Error case
------------------------------------+-----------------------------
Reporter: joyously | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version:
Severity: normal | Keywords:
Focuses: |
------------------------------------+-----------------------------
The core functions hooked by default to the 'authenticate' filter do not
check the filtered object for `WP_Error` before overwriting with the
authenticated user object.
This means a filter added with the default priority of 10 that passes a
`WP_Error` is ignored, and the user is logged in anyway.
Noticed in forum topic: https://wordpress.org/support/topic/creating-an-
authenticate-filter/
Default filters are
{{{
add_filter( 'authenticate', 'wp_authenticate_username_password', 20, 3 );
add_filter( 'authenticate', 'wp_authenticate_email_password', 20, 3 );
add_filter( 'authenticate', 'wp_authenticate_application_password', 20, 3
);
add_filter( 'authenticate', 'wp_authenticate_spam_check', 99 );
}}}
and user.php has
`add_filter( 'authenticate', 'wp_authenticate_cookie', 30, 3 );`
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52439>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list