mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-01-17 21:08:44 +01:00
Code Issues Actions 99 Packages Projects Releases Wiki Activity

Login and Registration: Check if $_GET['login'] is set before using it in wp-login.php.

Browse Source 
This avoids an "Undefined index" PHP notice displayed as part of password reset process if `$_GET['key']` is set, but `$_GET['login']` is not.

Props satrancali.
Fixes #52980.

git-svn-id: https://develop.svn.wordpress.org/trunk@50677 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2021-04-06 18:37:06 +00:00
parent 4286a87407
commit 924343c8fc
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-login.php
View File

@ -807,7 +807,7 @@ switch ( $action ) {
list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
if ( isset( $_GET['key'] ) ) {
if ( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {
$value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );