Privacy: Remove unnecessary `WP_Error` when handling `confirmaction` requests.

By reordering the logic when handling the `confirmaction` action in `wp-login.php`, the need for a new `WP_Error` object to be created can be eliminated. The error message can be passed directly into a `wp_die()` call, matching the other validation errors in related code.

Props garrett-eclipse, birgire.
Fixes #44901.
Built from https://develop.svn.wordpress.org/trunk@44931


git-svn-id: http://core.svn.wordpress.org/trunk@44762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
desrosj 2019-03-19 02:38:48 +00:00
parent 38589e14e2
commit 86eb60b307
2 changed files with 8 additions and 9 deletions

View File

@ -13,7 +13,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.2-alpha-44930';
$wp_version = '5.2-alpha-44931';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

View File

@ -853,17 +853,16 @@ switch ( $action ) {
case 'confirmaction':
if ( ! isset( $_GET['request_id'] ) ) {
wp_die( __( 'Invalid request.' ) );
wp_die( __( 'Missing request ID.' ) );
}
if ( ! isset( $_GET['confirm_key'] ) ) {
wp_die( __( 'Missing confirm key.' ) );
}
$request_id = (int) $_GET['request_id'];
if ( isset( $_GET['confirm_key'] ) ) {
$key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
$result = wp_validate_user_request_key( $request_id, $key );
} else {
$result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
}
if ( is_wp_error( $result ) ) {
wp_die( $result );