WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Login and Registration: Check if `$_GET['login']` is set before using it in `wp-login.php`. 

This avoids an "Undefined index" PHP notice displayed as part of password reset process if `$_GET['key']` is set, but `$_GET['login']` is not.

Props satrancali.
Fixes #52980.
Built from https://develop.svn.wordpress.org/trunk@50677


git-svn-id: http://core.svn.wordpress.org/trunk@50286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2021-04-06 18:39:10 +00:00
parent c1e7f92d6a
commit 21bcc7c836
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/version.php
View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.8-alpha-50670';
$wp_version = '5.8-alpha-50677';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

2
wp-login.php
View File

@ -807,7 +807,7 @@ switch ( $action ) {
list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
if ( isset( $_GET['key'] ) ) {
if ( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {
$value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );