Custom login form input fields dropped during two-factor challenge #705

@westonruter

Describe the bug

I have a plugin that is adding a form field to the login form. It's a hidden field that indicates whether JavaScript is enabled. When the attach_session_information filter is applied at login, I have a callback that looks for that input var in $_POST and then attaches information to the session for whether JS was enabled (and whether the “Remember Me” checkbox was checked). However, I discovered that the Two Factor plugin breaks this due to the interstitial 2FA challenge screen.

Should all fields in $_POST be copied into hidden input fields in the validate_2fa_form so that they are carried along when the user ultimately signs in?

<form name="validate_2fa_form" id="loginform" action="<?php echo esc_url( self::login_url( array( 'action' => $action ), 'login_post' ) ); ?>" method="post" autocomplete="off">
	<input type="hidden" name="provider" id="provider" value="<?php echo esc_attr( $provider_key ); ?>" />
	<input type="hidden" name="wp-auth-id" id="wp-auth-id" value="<?php echo esc_attr( $user->ID ); ?>" />
	<input type="hidden" name="wp-auth-nonce" id="wp-auth-nonce" value="<?php echo esc_attr( $login_nonce ); ?>" />
	<?php if ( $interim_login ) { ?>
		<input type="hidden" name="interim-login" value="1" />
	<?php } else { ?>
		<input type="hidden" name="redirect_to" value="<?php echo esc_attr( $redirect_to ); ?>" />
	<?php } ?>
	<input type="hidden" name="rememberme" id="rememberme" value="<?php echo esc_attr( $rememberme ); ?>" />
	<?php $provider->authentication_page( $user ); ?>
</form>

Steps to Reproduce

  1. Add a custom input field via the login_form action, like <input name="foo" value="bar">.
  2. Add an attach_session_information filter which looks for $_POST['foo'].
  3. When the Two Factor plugin is active, $_POST['foo'] is missing whereas $_POST['rememberme'] is set due to it being specifically copied on the interstitial form:

<input type="hidden" name="rememberme" id="rememberme" value="<?php echo esc_attr( $rememberme ); ?>" />

Screenshots, screen recording, code snippet

No response

Environment information

No response

Please confirm that you have searched existing issues in this repository.

Yes

Please confirm that you have tested with all plugins deactivated except Two-Factor.

(N/A as it is a plugin compatibility problem.)
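
On the question of copying every $_POST field into validate_2fa_form, an added example (not part of the original issue or the Two Factor plugin's code): a blanket copy would also write the log and pwd credentials posted by the core login form into the interstitial page's HTML, so this helper carries over only the remaining fields. The function and constant names are hypothetical, and the reserved list is taken from the form markup quoted in the issue.

```php
<?php
// Added example: hypothetical helper, not part of the Two Factor plugin.

// Credentials posted by the core login form; never echo these back into HTML.
const EXAMPLE_CREDENTIAL_FIELDS = array( 'log', 'pwd' );

// Fields validate_2fa_form already emits itself (from the markup in the issue),
// plus the submit button and test cookie field of the core login form.
const EXAMPLE_RESERVED_FIELDS = array(
	'provider', 'wp-auth-id', 'wp-auth-nonce', 'interim-login',
	'redirect_to', 'rememberme', 'wp-submit', 'testcookie',
);

/**
 * Build hidden inputs for extra login-form fields so they survive the 2FA step.
 *
 * @param array $post Submitted fields, e.g. wp_unslash( $_POST ) inside WordPress.
 * @return string HTML for the carried-over hidden inputs.
 */
function example_carry_over_fields( array $post ): string {
	$skip = array_merge( EXAMPLE_CREDENTIAL_FIELDS, EXAMPLE_RESERVED_FIELDS );
	$html = '';
	foreach ( $post as $name => $value ) {
		$name = (string) $name;
		// Skip credentials, fields the form sets itself, and non-scalar values.
		if ( in_array( $name, $skip, true ) || ! is_scalar( $value ) ) {
			continue;
		}
		// htmlspecialchars() keeps this block stand-alone; in WordPress use esc_attr().
		$html .= sprintf(
			'<input type="hidden" name="%s" value="%s" />' . "\n",
			htmlspecialchars( $name, ENT_QUOTES, 'UTF-8' ),
			htmlspecialchars( (string) $value, ENT_QUOTES, 'UTF-8' )
		);
	}
	return $html;
}

// Constructed sample submission from the first login screen.
$sample = array(
	'log'        => 'alice',
	'pwd'        => 'constructed-password',
	'rememberme' => 'forever',
	'foo'        => 'bar "quoted"',
	'wp-submit'  => 'Log In',
);
echo example_carry_over_fields( $sample ); // Only the "foo" field is emitted, escaped.
```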
