From f9bba421b588cba59fd5bd00020b6fee3d2d50c3 Mon Sep 17 00:00:00 2001 From: Gary Pendergast Date: Thu, 24 Dec 2015 02:49:26 +0000 Subject: [PATCH] User: Don't continue checking a password reset key, if the hash is empty. An empty reset key hash will never be valid, so we can skip seeing if it can be used to validate the given key, and return a failure early. This fixes a warning in the unit tests under HHVM. See #33926. Built from https://develop.svn.wordpress.org/trunk@36084 git-svn-id: http://core.svn.wordpress.org/trunk@36049 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/user.php | 4 ++++ wp-includes/version.php | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/wp-includes/user.php b/wp-includes/user.php index 7e83c57494..d62e5e7cf9 100644 --- a/wp-includes/user.php +++ b/wp-includes/user.php @@ -2060,6 +2060,10 @@ function check_password_reset_key($key, $login) { $expiration_time = false; } + if ( ! $pass_key ) { + return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); + } + $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key ); if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) { diff --git a/wp-includes/version.php b/wp-includes/version.php index fabbcf806d..9bb4812177 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.5-alpha-36083'; +$wp_version = '4.5-alpha-36084'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.