Answer the question
In order to leave comments, you need to log in
A
A
ammorium2015-05-26 17:55:33
ammorium, 2015-05-26 17:55:33
Is it safe to send wp_signon result in clear text?
For authorization through Ajax, the wp_signon function is used. Is it safe to send her entire result?
$user = wp_signon($data, false);
if($user instanceof WP_Error)
echo json_encode($user);
wp_die(); 1 answer(s)
@ammorium
I
Igor Vorotnev, 2015-05-26 @ammorium
As the WP community says, you're doing it wrong :) wp_signon()returns an object WP_Erroror WP_User(in case of failure or successful authorization, respectively). If you don't need them in their entirety (and you don't need them in 99.99% of cases) - why return them at all? Check in the handler, if it WP_Erroris - take it, take out the error itself and send it through wp_send_json_error()( dock ). If an object arrives WP_User, take what you need from it (for example, display_name) and return data via wp_send_json_success()( dock ). For further work with user data, you will already have access to the object WP_Userthrough a function wp_get_current_user()( dock ).
Similar questions
V
Vadim2312017-09-18 21:01:08
How to make if the number was not an integer, gave out -1 in response?
6Reply
J
T
E
Eugene Khrustalev2021-03-16 17:32:41
How to protect statics when authorizing through a token?
0Reply
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question