From c4dd769f22e44d5a471a498db143b7d1f20deed9 Mon Sep 17 00:00:00 2001
From: John Blackbourn <johnbillion@git.wordpress.org>
Date: Wed, 7 Oct 2015 14:29:29 +0000
Subject: [PATCH] Prevent a PHP notice from appearing on
 `wp-login.php?action=postpass` when there's no `$_POST['post_password']`
 parameter. Redirects to the referer if there is one (if there isn't one it'll
 just exit with a blank screen; no need for a user-friendly error message
 here).

Fixes #34160
Props iamfriendly


git-svn-id: https://develop.svn.wordpress.org/trunk@34909 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-login.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/wp-login.php b/src/wp-login.php
index 8f676d7d8a..350363dabe 100644
--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -472,6 +472,11 @@ $interim_login = isset($_REQUEST['interim-login']);
 switch ($action) {
 
 case 'postpass' :
+	if ( ! array_key_exists( 'post_password', $_POST ) ) {
+		wp_safe_redirect( wp_get_referer() );
+		exit();
+	}
+
 	require_once ABSPATH . WPINC . '/class-phpass.php';
 	$hasher = new PasswordHash( 8, true );