From 7dc05d7eaf0832d18d28a72fbc499c26849ab56a Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Thu, 11 Jul 2024 12:34:19 +0900 Subject: [PATCH 01/16] Add a filter so consumers can add links to the problem area. --- class-two-factor-core.php | 1 + 1 file changed, 1 insertion(+) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 51c3cee3..f28ecffa 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -835,6 +835,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg + From 16a1d5c1f0ea9f5c75e203108237fbb7f26cd421 Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Thu, 11 Jul 2024 12:37:51 +0900 Subject: [PATCH 02/16] Document filter. --- class-two-factor-core.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index f28ecffa..1503fff3 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -835,7 +835,12 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg - + From 8918127f4e6a5d276415a26988050fdd3cc8b347 Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Fri, 12 Jul 2024 13:58:18 +0900 Subject: [PATCH 03/16] Pass all the links so we can control link location. --- class-two-factor-core.php | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 1503fff3..62e3b915 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -825,23 +825,29 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg

    - $backup_provider ) : + $backup_provider ) { $backup_link_args['provider'] = $backup_provider_key; - ?> -
  • - - get_alternative_provider_label() ); ?> - -
    • - - $2%s', + esc_url( self::login_url( $backup_link_args ) ), + esc_html( $backup_provider->get_alternative_provider_label() ) + ); + } + /* * Allow plugins to add links to the two-factor login form. */ - echo apply_filters( 'two_factor_login_support_links', '' ); - ?> -
+ $links = apply_filters( 'two_factor_login_support_links', $links ); + + // Echo out the filtered links + foreach ( $links as $link ) { + echo wp_kses_post( $link ); + } + ?> + From 5a6052210d8aa06ce60366eaa0fc9ddd1e1f4ed1 Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Mon, 23 Sep 2024 12:29:32 +0900 Subject: [PATCH 04/16] Refactor to display links outside of backup_providers. --- class-two-factor-core.php | 71 ++++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 34 deletions(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 62e3b915..58d5f5bd 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -804,50 +804,53 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg authentication_page( $user ); ?> - $action, - 'wp-auth-id' => $user->ID, - 'wp-auth-nonce' => $login_nonce, - ); - if ( $rememberme ) { - $backup_link_args['rememberme'] = $rememberme; - } - if ( $redirect_to ) { - $backup_link_args['redirect_to'] = $redirect_to; - } - if ( $interim_login ) { - $backup_link_args['interim-login'] = 1; + $action, + 'wp-auth-id' => $user->ID, + 'wp-auth-nonce' => $login_nonce, + ); + if ( $rememberme ) { + $backup_link_args['rememberme'] = $rememberme; + } + if ( $redirect_to ) { + $backup_link_args['redirect_to'] = $redirect_to; + } + if ( $interim_login ) { + $backup_link_args['interim-login'] = 1; + } + + foreach ( $backup_providers as $backup_provider_key => $backup_provider ) { + $backup_link_args['provider'] = $backup_provider_key; + $links[] = sprintf( + '
  • %2$s
    • ', + esc_url( self::login_url( $backup_link_args ) ), + esc_html( $backup_provider->get_alternative_provider_label() ) + ); + } } - ?> + + /* + * Allow plugins to add links to the two-factor login form. + */ + $links = apply_filters( 'two_factor_login_backup_links', $links ); + ?> + +

      $backup_provider ) { - $backup_link_args['provider'] = $backup_provider_key; - $links[] = sprintf( - '
    • $2%s
      • ', - esc_url( self::login_url( $backup_link_args ) ), - esc_html( $backup_provider->get_alternative_provider_label() ) - ); - } - - /* - * Allow plugins to add links to the two-factor login form. - */ - $links = apply_filters( 'two_factor_login_support_links', $links ); - - // Echo out the filtered links foreach ( $links as $link ) { - echo wp_kses_post( $link ); + echo $link; } ?> -
    +
    From 61121cd7edbf36e06c2f7c07c84c6f6a338281f5 Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Mon, 23 Sep 2024 12:32:25 +0900 Subject: [PATCH 05/16] Update doc block for filter and bump version. --- class-two-factor-core.php | 13 ++++++++++--- two-factor.php | 2 +- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 58d5f5bd..edda9dd2 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -833,9 +833,16 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg } } - /* - * Allow plugins to add links to the two-factor login form. - */ + /** + * Filters the backup links displayed on the two-factor login form. + * + * Plugins can use this filter to modify or add links to the two-factor authentication + * login form, allowing users to select backup methods for authentication. + * + * @since 0.9.2 + * + * @param array $links An array of backup links displayed on the two-factor login form. + */ $links = apply_filters( 'two_factor_login_backup_links', $links ); ?> diff --git a/two-factor.php b/two-factor.php index 380ad4c2..c20fe588 100644 --- a/two-factor.php +++ b/two-factor.php @@ -11,7 +11,7 @@ * Plugin Name: Two Factor * Plugin URI: https://wordpress.org/plugins/two-factor/ * Description: Enable Two-Factor Authentication using time-based one-time passwords, Universal 2nd Factor (FIDO U2F, YubiKey), email, and backup verification codes. - * Version: 0.9.1 + * Version: 0.9.2 * Requires at least: 6.3 * Requires PHP: 7.2 * Author: Plugin Contributors From 5ac8a23fbf3408bfb5a52a3c979fa69c34e501d7 Mon Sep 17 00:00:00 2001 From: StevenDufresne Date: Mon, 23 Sep 2024 15:31:10 +0900 Subject: [PATCH 06/16] Update documentation and remove
  • from the string. --- class-two-factor-core.php | 10 +++++----- readme.txt | 1 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index edda9dd2..988ee2a2 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -826,7 +826,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg foreach ( $backup_providers as $backup_provider_key => $backup_provider ) { $backup_link_args['provider'] = $backup_provider_key; $links[] = sprintf( - '
  • %2$s
    • ', + '%2$s', esc_url( self::login_url( $backup_link_args ) ), esc_html( $backup_provider->get_alternative_provider_label() ) ); @@ -834,14 +834,14 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg } /** - * Filters the backup links displayed on the two-factor login form. + * Filters the html links displayed on the two-factor login form. * * Plugins can use this filter to modify or add links to the two-factor authentication - * login form, allowing users to select backup methods for authentication. + * login form, allowing users to select backup methods for authentication or provide documentation links. * * @since 0.9.2 * - * @param array $links An array of backup links displayed on the two-factor login form. + * @param array $links An array of links displayed on the two-factor login form. */ $links = apply_filters( 'two_factor_login_backup_links', $links ); ?> @@ -854,7 +854,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg
      ' . $link . ''; } ?>
    diff --git a/readme.txt b/readme.txt index f4baaffa..596405cc 100644 --- a/readme.txt +++ b/readme.txt @@ -28,6 +28,7 @@ Here is a list of action and filter hooks provided by the plugin: - `two_factor_enabled_providers_for_user` filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID. - `two_factor_user_authenticated` action which receives the logged in `WP_User` object as the first argument for determining the logged in user right after the authentication workflow. - `two_factor_token_ttl` filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the `WP_User` object being authenticated. +- `two_factor_login_backup_links` filters the backup links displayed on the two-factor login form. == Frequently Asked Questions == From 76f4584bca63d90b70c2d17e13150182fa262a39 Mon Sep 17 00:00:00 2001 From: Brian Date: Sun, 22 Feb 2026 11:34:33 +0100 Subject: [PATCH 07/16] remove version update in this PR Co-authored-by: George Stephanis --- two-factor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/two-factor.php b/two-factor.php index c20fe588..380ad4c2 100644 --- a/two-factor.php +++ b/two-factor.php @@ -11,7 +11,7 @@ * Plugin Name: Two Factor * Plugin URI: https://wordpress.org/plugins/two-factor/ * Description: Enable Two-Factor Authentication using time-based one-time passwords, Universal 2nd Factor (FIDO U2F, YubiKey), email, and backup verification codes. - * Version: 0.9.2 + * Version: 0.9.1 * Requires at least: 6.3 * Requires PHP: 7.2 * Author: Plugin Contributors From 840984003347576a5362db8d0b2493953292ea39 Mon Sep 17 00:00:00 2001 From: Brian Date: Sun, 22 Feb 2026 11:50:53 +0100 Subject: [PATCH 08/16] fix @since version number --- class-two-factor-core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 988ee2a2..689fc63d 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -839,7 +839,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg * Plugins can use this filter to modify or add links to the two-factor authentication * login form, allowing users to select backup methods for authentication or provide documentation links. * - * @since 0.9.2 + * @since 0.16.0 * * @param array $links An array of links displayed on the two-factor login form. */ From fa8e05deb5717fe35f8f1545678b9c79ac97335b Mon Sep 17 00:00:00 2001 From: Brian Date: Tue, 24 Feb 2026 18:58:22 +0100 Subject: [PATCH 09/16] fix Syntax error from merge conflicts --- class-two-factor-core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index cc78e7c4..ff0b649e 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -1067,7 +1067,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg $action, 'wp-auth-id' => $user->ID, From 829b64c631818d518ed401326a9fcb5cbc249af4 Mon Sep 17 00:00:00 2001 From: George Stephanis Date: Mon, 2 Mar 2026 11:15:55 -0500 Subject: [PATCH 10/16] Apply suggestion from @masteradhoc Co-authored-by: Brian --- class-two-factor-core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index ff0b649e..22c08177 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -1065,7 +1065,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg Date: Mon, 2 Mar 2026 11:16:05 -0500 Subject: [PATCH 11/16] Apply suggestion from @masteradhoc Co-authored-by: Brian --- class-two-factor-core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 22c08177..572d5a99 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -1067,7 +1067,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg $action, 'wp-auth-id' => $user->ID, From fcb0acc002761ef33766e374f5c7831b2748a45e Mon Sep 17 00:00:00 2001 From: George Stephanis Date: Mon, 2 Mar 2026 11:16:30 -0500 Subject: [PATCH 12/16] Apply suggestion from @masteradhoc Co-authored-by: Brian --- class-two-factor-core.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 572d5a99..028ee5da 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -1085,10 +1085,9 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg foreach ( $backup_providers as $backup_provider_key => $backup_provider ) { $backup_link_args['provider'] = $backup_provider_key; - $links[] = sprintf( - '%2$s', - esc_url( self::login_url( $backup_link_args ) ), - esc_html( $backup_provider->get_alternative_provider_label() ) + $links[] = array( + 'url' => self::login_url( $backup_link_args ), + 'label' => $backup_provider->get_alternative_provider_label(), ); } } From 93f194e51fb49f35c9a66209ed0ace71f4a61ed0 Mon Sep 17 00:00:00 2001 From: George Stephanis Date: Mon, 2 Mar 2026 11:16:51 -0500 Subject: [PATCH 13/16] Apply suggestion from @masteradhoc Co-authored-by: Brian --- class-two-factor-core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 028ee5da..8361ce55 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -1100,7 +1100,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg * * @since 0.16.0 * - * @param array $links An array of links displayed on the two-factor login form. + * @param array $links An array of links displayed on the two-factor login form, each with `url` and `label` keys. */ $links = apply_filters( 'two_factor_login_backup_links', $links ); ?> From 6c38a527927585b7def26741170eae9ae4ac425a Mon Sep 17 00:00:00 2001 From: George Stephanis Date: Mon, 2 Mar 2026 11:17:00 -0500 Subject: [PATCH 14/16] Apply suggestion from @masteradhoc Co-authored-by: Brian --- class-two-factor-core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 8361ce55..3cd3b098 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -1093,7 +1093,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg } /** - * Filters the html links displayed on the two-factor login form. + * Filters the links displayed on the two-factor login form. * * Plugins can use this filter to modify or add links to the two-factor authentication * login form, allowing users to select backup methods for authentication or provide documentation links. From ef9455c152469580c874904640f444c95fa9a5fe Mon Sep 17 00:00:00 2001 From: George Stephanis Date: Mon, 2 Mar 2026 11:17:13 -0500 Subject: [PATCH 15/16] Apply suggestion from @masteradhoc Co-authored-by: Brian --- class-two-factor-core.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/class-two-factor-core.php b/class-two-factor-core.php index 3cd3b098..edc5398a 100644 --- a/class-two-factor-core.php +++ b/class-two-factor-core.php @@ -1113,7 +1113,7 @@ public static function login_html( $user, $login_nonce, $redirect_to, $error_msg From da2f7a025819b66bb736f6890b6eb99d445c9395 Mon Sep 17 00:00:00 2001 From: George Stephanis Date: Mon, 2 Mar 2026 11:21:57 -0500 Subject: [PATCH 16/16] Apply suggestion from @georgestephanis --- readme.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/readme.txt b/readme.txt index 3cb2d3f2..e5b9d98a 100644 --- a/readme.txt +++ b/readme.txt @@ -100,7 +100,6 @@ Here is a list of action and filter hooks provided by the plugin: - `two_factor_providers_for_user` filter overrides the available two-factor providers for a specific user. Array values are instances of provider classes and the user object `WP_User` is available as the second argument. - `two_factor_enabled_providers_for_user` filter overrides the list of two-factor providers enabled for a user. First argument is an array of enabled provider classnames as values, the second argument is the user ID. - `two_factor_user_authenticated` action which receives the logged in `WP_User` object as the first argument for determining the logged in user right after the authentication workflow. -- `two_factor_token_ttl` filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the `WP_User` object being authenticated. - `two_factor_user_api_login_enable` filter restricts authentication for REST API and XML-RPC to application passwords only. Provides the user ID as the second argument. - `two_factor_email_token_ttl` filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the `WP_User` object being authenticated. - `two_factor_email_token_length` filter overrides the default 8 character count for email tokens.