[wp-trac] [WordPress Trac] #64785: Add filter for redirect_to URL in get_the_password_form()

WordPress Trac noreply at wordpress.org
Tue Mar 3 18:27:39 UTC 2026 

#64785: Add filter for redirect_to URL in get_the_password_form()
-----------------------------------+------------------------------
 Reporter:  regnalf                |       Owner:  (none)
     Type:  enhancement            |      Status:  new
 Priority:  normal                 |   Milestone:  Awaiting Review
Component:  Posts, Post Types      |     Version:  6.9.1
 Severity:  normal                 |  Resolution:
 Keywords:  has-patch 2nd-opinion  |     Focuses:
-----------------------------------+------------------------------

Comment (by regnalf):

 Hi @westonruter,

 Thanks for the quick feedback! Using the WP_HTML_Tag_Processor here is
 indeed a very interesting way to avoid brittle Regex or str_replace.

 However, from an architectural and performance standpoint, I still
 strongly believe a dedicated filter for the URL is the much cleaner
 approach. Here is why:

 **Separation of Concerns & Overhead**
 Instantiating a class, parsing the HTML string, finding the tag, and
 rewriting the HTML is quite a lot of overhead just to modify a single data
 variable. Modifying a rendered HTML string to change a logical variable
 feels like a presentation-layer hack for a logic-layer requirement.
 Filtering the data before it is embedded into the HTML structure is
 significantly faster and cleaner.

 **Remaining Fragility (Markup dependency)**
 If a custom theme or another plugin uses the_password_form to completely
 rebuild the form (e.g., for custom styling or accessibility), or if the
 core ever renames the input field in the future, the Tag Processor
 approach would silently fail because it tightly couples the logic to the
 exact <input name="redirect_to"> structure.

 By providing a dedicated filter for the URL, we don't just patch the
 default core form, we provide a clean API. Theme developers can then
 actually use this new hook to retrieve the correct, filtered redirect URL
 for their custom markup. This makes renamed input fields or complete form
 rewrites a complete non-issue.

 Given how common it is to redirect users after entering a password,
 wouldn't providing a direct data filter be the more robust "WordPress way"
 compared to parsing the DOM?

 Looking forward to your thoughts!

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/64785#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list