Describe the bug
I have a plugin that is adding a form field to the login form. It's a hidden field that indicates whether JavaScript is enabled. When the attach_session_information filter is applied at login, I have a callback that looks for that input var in $_POST and then attaches information to the session for whether JS was enabled (and whether the “Remember Me” checkbox was checked). However, I discovered that the Two Factor plugin breaks this due to the interstitial 2FA challenge screen.
Should all fields in $_POST be copied into hidden input fields in the validate_2fa_form so that they are carried along when the user ultimately signs in?
|
<form name="validate_2fa_form" id="loginform" action="<?php echo esc_url( self::login_url( array( 'action' => $action ), 'login_post' ) ); ?>" method="post" autocomplete="off"> |
|
<input type="hidden" name="provider" id="provider" value="<?php echo esc_attr( $provider_key ); ?>" /> |
|
<input type="hidden" name="wp-auth-id" id="wp-auth-id" value="<?php echo esc_attr( $user->ID ); ?>" /> |
|
<input type="hidden" name="wp-auth-nonce" id="wp-auth-nonce" value="<?php echo esc_attr( $login_nonce ); ?>" /> |
|
<?php if ( $interim_login ) { ?> |
|
<input type="hidden" name="interim-login" value="1" /> |
|
<?php } else { ?> |
|
<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" /> |
|
<?php } ?> |
|
<input type="hidden" name="rememberme" id="rememberme" value="<?php echo esc_attr( $rememberme ); ?>" /> |
|
|
|
<?php $provider->authentication_page( $user ); ?> |
|
</form> |
Steps to Reproduce
- Add a custom input field via the
login_form action, like <input name="foo" value="bar">.
- Add a
attach_session_information filter which looks for $_POST['foo'].
- When the Two Factor plugin is active,
$_POST['foo'] is missing whereas $_POST['rememberme'] is set due to it being specifically copied on the interstitial form:
|
<input type="hidden" name="rememberme" id="rememberme" value="<?php echo esc_attr( $rememberme ); ?>" /> |
Screenshots, screen recording, code snippet
No response
Environment information
No response
Please confirm that you have searched existing issues in this repository.
Yes
Please confirm that you have tested with all plugins deactivated except Two-Factor.
(N/A as it is a plugin compatibility problem.)
Describe the bug
I have a plugin that is adding a form field to the login form. It's a hidden field that indicates whether JavaScript is enabled. When the
attach_session_informationfilter is applied at login, I have a callback that looks for that input var in$_POSTand then attaches information to the session for whether JS was enabled (and whether the “Remember Me” checkbox was checked). However, I discovered that the Two Factor plugin breaks this due to the interstitial 2FA challenge screen.Should all fields in
$_POSTbe copied into hidden input fields in thevalidate_2fa_formso that they are carried along when the user ultimately signs in?two-factor/class-two-factor-core.php
Lines 954 to 966 in b27381a
Steps to Reproduce
login_formaction, like<input name="foo" value="bar">.attach_session_informationfilter which looks for$_POST['foo'].$_POST['foo']is missing whereas$_POST['rememberme']is set due to it being specifically copied on the interstitial form:two-factor/class-two-factor-core.php
Line 963 in b27381a
Screenshots, screen recording, code snippet
No response
Environment information
No response
Please confirm that you have searched existing issues in this repository.
Yes
Please confirm that you have tested with all plugins deactivated except Two-Factor.
(N/A as it is a plugin compatibility problem.)