From 2b539c3a91478249c5f55f7abdda8441b0acca9d Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Mon, 16 Jul 2018 14:09:22 +0000 Subject: [PATCH] Login and Registration: Set a better default value for `$wp_error` parameter in `login_header()`. To prevent someone from passing a string (which would not be added to a new `WP_Error` instance), check for `is_wp_error()` explicitly. Props desrosj, chetan200891, spyderbytes, lbenicio, sebastien@thivinfo.com, abdullahramzan. Fixes #44052. git-svn-id: https://develop.svn.wordpress.org/trunk@43457 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-login.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/wp-login.php b/src/wp-login.php index e02208ae56..b0117ed8fa 100644 --- a/src/wp-login.php +++ b/src/wp-login.php @@ -28,9 +28,9 @@ if ( force_ssl_admin() && ! is_ssl() ) { * @param string $title Optional. WordPress login Page title to display in the `` element. * Default 'Log In'. * @param string $message Optional. Message to display in header. Default empty. - * @param WP_Error $wp_error Optional. The error to pass. Default empty. + * @param WP_Error $wp_error Optional. The error to pass. Default is a WP_Error instance. */ -function login_header( $title = 'Log In', $message = '', $wp_error = '' ) { +function login_header( $title = 'Log In', $message = '', $wp_error = null ) { global $error, $interim_login, $action; // Don't index any of these forms @@ -38,7 +38,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = '' ) { add_action( 'login_head', 'wp_login_viewport_meta' ); - if ( empty( $wp_error ) ) { + if ( ! is_wp_error( $wp_error ) ) { $wp_error = new WP_Error(); }