From 0f7d35597c2aa823e46783a4435ee8e0f66ee54a Mon Sep 17 00:00:00 2001 From: Drew Jaynes Date: Sun, 10 Aug 2014 02:39:16 +0000 Subject: [PATCH] Improve the `wp_set_password()` PHPDoc with a note to guard against executing the function on every page load, such as through a theme's functions.php file. See #28316. Built from https://develop.svn.wordpress.org/trunk@29461 git-svn-id: http://core.svn.wordpress.org/trunk@29239 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/pluggable.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 52a16788fc..e0c031ea87 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -2052,6 +2052,10 @@ if ( !function_exists('wp_set_password') ) : * For integration with other applications, this function can be overwritten to * instead use the other package password checking algorithm. * + * Please note: This function should be used sparingly and is really only meant for single-time + * application. Leveraging this improperly in a plugin or theme could result in an endless loop + * of password resets if precautions are not taken to ensure it does execute on every page load. + * * @since 2.5.0 * * @uses $wpdb WordPress database object for queries