[wp-trac] [WordPress Trac] #10453: authentication errors from plugins sometimes get suppressed
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 18 09:30:07 UTC 2010
#10453: authentication errors from plugins sometimes get suppressed
--------------------------+-------------------------------------------------
Reporter: wnorris | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Security | Version: 2.8.1
Severity: normal | Keywords: authentication, login, plugins, has-patch
--------------------------+-------------------------------------------------
Comment(by miqrogroove):
wnorris, I don't think you've quite made the case for this patch.
> Also changes how wp_signon clears out the 'empty_username' and
'empty_password' errors, to ensure that any others are maintained
As I understand the existing code, WordPress '''does not''' clear out the
empty_username and empty_password items if other errors are present. This
is made fairly obvious by the patch's attempt to unset errors in the
context of an authentication failure. If you think there's a sane way to
do that, it needs to be explained and documented.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10453#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list