[wp-trac] [WordPress Trac] #8941: XML-RPC should use User returned from wp_authenticate
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 23 23:08:45 GMT 2009
#8941: XML-RPC should use User returned from wp_authenticate
--------------------------+-------------------------------------------------
 Reporter:  wnorris       |       Owner:  josephscott
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  2.8
Component:  XML-RPC       |     Version:
 Severity:  normal        |    Keywords:  has-patch
--------------------------+-------------------------------------------------
The WordPress XML-RPC class currently makes use of wp_authenticate
indirectly to test the validity of the username and password included in
requests. It then calls set_current_user( 0, $username ) separately,
using the username that was included in the request. This works in most
cases, except those in which the user returned by wp_authenticate does not
match the username that was in the XML-RPC request. Specifically, I'm
thinking about requests that are authenticated using OAuth. For those
requests, the username and password in the XML-RPC request will be empty,
but wp_authenticate will still be able to return the correct user based on
the OAuth request headers.

The included patch makes the following changes:

 * adds new login() function that mimics login_pass_ok(), but passes back
   the user object from wp_authenticate rather than a simple boolean. It
   also calls set_current_user(). All functions have been updated to use
   login() instead of login_pass_ok(), and the latter has been marked
   @deprecated
 * standardize on 'username' and 'password' as variable names. Some
   functions still used 'user_login' and 'user_pass'.

It's important to note that while this patch is part of the same overall
effort as #8938 (that is, to allow for OAuth-authenticated XML-RPC
requests), this patch is in no way dependent on #8938. It should work
just fine on its own, with introducing any backward compatibility issues.
--
Ticket URL: <http://trac.wordpress.org/ticket/8941>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
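
The difference the ticket describes, as an added stand-alone sketch that is not part of the ticket or its patch: a boolean credential check followed by a lookup on the request's username, next to a login() that returns the user the authenticator resolved. demo_authenticate(), old_flow(), the user and token tables and the Authorization value are constructed stand-ins, not WordPress code.

```php
<?php
// Constructed stand-ins for illustration; none of this is WordPress code.
const DEMO_USERS  = ['alice' => ['id' => 1, 'pass' => 'pw-a'],
                     'bob'   => ['id' => 2, 'pass' => 'pw-b']];
const DEMO_TOKENS = ['token-for-bob' => 'bob'];

// Plays the role of wp_authenticate(): tries the password first, then a
// hypothetical header-based check. Returns a user array, or null on failure.
function demo_authenticate(string $username, string $password, array $headers): ?array {
    $row = DEMO_USERS[$username] ?? null;
    if ($row !== null && hash_equals($row['pass'], $password)) {
        return ['id' => $row['id'], 'login' => $username];
    }
    $login = DEMO_TOKENS[$headers['Authorization'] ?? ''] ?? null;
    return $login === null ? null : ['id' => DEMO_USERS[$login]['id'], 'login' => $login];
}

// Old shape: boolean credential check, identity then taken from the request.
function old_flow(string $username, string $password, array $headers): ?string {
    if (demo_authenticate($username, $password, $headers) === null) {
        return null;
    }
    return $username; // the name set_current_user( 0, $username ) would look up
}

// Shape described in the ticket: hand back the authenticated user itself.
function login(string $username, string $password, array $headers): ?array {
    return demo_authenticate($username, $password, $headers);
}

// Constructed requests: [username, password, headers].
$requests = [
    'password request'     => ['alice', 'pw-a', []],
    'header-authenticated' => ['', '', ['Authorization' => 'token-for-bob']],
    'bad password'         => ['alice', 'wrong', []],
];
foreach ($requests as $label => [$u, $p, $h]) {
    $old = old_flow($u, $p, $h);
    $new = login($u, $p, $h);
    printf("%-22s old=%s new=%s\n", $label,
        var_export($old, true), $new === null ? 'NULL' : $new['login']);
}
```

For the header-authenticated request the old flow passes the credential check but ends up with an empty username to look up, while login() carries the resolved user through to the caller.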