From 43324cec8be6c6baef84340127f2332de66c835d Mon Sep 17 00:00:00 2001
From: Sergey Biryukov
Date: Thu, 28 Feb 2019 14:39:50 +0000
Subject: [PATCH] Users: Replace raw SQL query in `check_password_reset_key()` with `get_user_by()`.
Props davidbaumwald, iworks, spacedmonkey. Fixes #45845.
Built from https://develop.svn.wordpress.org/trunk@44780
git-svn-id: http://core.svn.wordpress.org/trunk@44612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/user.php | 17 +++++++++--------
 wp-includes/version.php | 2 +-
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/wp-includes/user.php b/wp-includes/user.php
index 064f5144f3..5d46b42a77 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -2320,8 +2320,9 @@ function check_password_reset_key( $key, $login ) {
 return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
 }
- $row = $wpdb->get_row( $wpdb->prepare( "SELECT ID, user_activation_key FROM $wpdb->users WHERE user_login = %s", $login ) );
- if ( ! $row ) {
+ $user = get_user_by( 'login', $login );
+
+ if ( ! $user ) {
 return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
 }
@@ -2339,11 +2340,11 @@ function check_password_reset_key( $key, $login ) {
 */
 $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS );
- if ( false !== strpos( $row->user_activation_key, ':' ) ) {
- list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 );
+ if ( false !== strpos( $user->user_activation_key, ':' ) ) {
+ list( $pass_request_time, $pass_key ) = explode( ':', $user->user_activation_key, 2 );
 $expiration_time = $pass_request_time + $expiration_duration;
 } else {
- $pass_key = $row->user_activation_key;
+ $pass_key = $user->user_activation_key;
 $expiration_time = false;
 }
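Review bot: In the `@@ -2320,8 +2320,9 @@` hunk, `get_user_by( 'login', $login )` can return a `WP_User` served from the object cache, so `user_activation_key` is no longer guaranteed to be the value currently stored in the users table. The removed query always read the row directly; the new lookup is only as fresh as the cache invalidation done by the code that writes or clears the key, which is outside this diff and should be confirmed, particularly with a persistent object cache where a stale key could keep validating. `get_user_by()` also passes the login through `sanitize_user()` before matching, a small change from the exact `%s` comparison. I would add `// user_activation_key may come from a cached WP_User; every writer of the key must clean the user cache.` above the call. The body of `check_password_reset_key()` starts and ends outside the hunk.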
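Review bot: In the `@@ -2339,11 +2340,11 @@` hunk, `$pass_request_time` comes out of `explode()` as a string and is added to `$expiration_duration` without being checked as numeric. The stored value is presumably always written as a timestamp followed by `:` and the hash, but if anything else ends up in that column the addition raises a warning or, on newer PHP versions, an error instead of returning a clean 'invalid_key' result. Casting fails closed, since a non-numeric prefix becomes 0 and the key is then treated as expired: `$expiration_time = (int) $pass_request_time + $expiration_duration;`. The surrounding function body lies outside the hunk.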
@@ -2354,15 +2355,15 @@ function check_password_reset_key( $key, $login ) {
 $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );
 if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
- return get_userdata( $row->ID );
+ return $user;
 } elseif ( $hash_is_correct && $expiration_time ) {
 // Key has an expiration time that's passed
 return new WP_Error( 'expired_key', __( 'Invalid key' ) );
 }
- if ( hash_equals( $row->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
+ if ( hash_equals( $user->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
 $return = new WP_Error( 'expired_key', __( 'Invalid key' ) );
- $user_id = $row->ID;
+ $user_id = $user->ID;
 /**
 * Filters the return value of check_password_reset_key() when an
diff --git a/wp-includes/version.php b/wp-includes/version.php
index fe7909f5fd..9e7873a86a 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.2-alpha-44779';
+$wp_version = '5.2-alpha-44780';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
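Review bot: In the `@@ -2354,15 +2355,15 @@` hunk, the last condition `hash_equals( $user->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time )` has no comment saying which stored-key formats it covers. As written it matches a stored key equal to the submitted plaintext, or a hashed key with no timestamp prefix, and both default to the 'expired_key' error that the filter below may override. A line such as `// Keys stored in plain text, or hashed without a timestamp (presumably older formats), count as expired by default.` would make that intent explicit for the next reader of this security check. The `if` block and the filter docblock continue past the end of the hunk.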