sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

User: Don't continue checking a password reset key, if the hash is empty. 

An empty reset key hash will never be valid, so we can skip seeing if it can be used to validate the given key, and return a failure early.

This fixes a warning in the unit tests under HHVM.

See #33926.




git-svn-id: https://develop.svn.wordpress.org/trunk@36084 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Gary Pendergast 2015-12-24 02:48:29 +00:00
parent 275c8c1f08
commit c54bcc4d39
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/wp-includes/user.php
View File

@ -2060,6 +2060,10 @@ function check_password_reset_key($key, $login) {
$expiration_time = false; $expiration_time = false;
} }
if ( ! $pass_key ) {
return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
}
$hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key ); $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );
if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) { if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {