
Ticket #45845: 45845.diff

File 45845.diff, 2.0 KB (added by davidbaumwald, 7 years ago)

Patch with suggested fix

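--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -2320,8 +2320,9 @@
                 return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
         }
 
-        $row = $wpdb->get_row( $wpdb->prepare( "SELECT ID, user_activation_key FROM $wpdb->users WHERE user_login = %s", $login ) );
-        if ( ! $row ) {
+        $user = get_user_by( 'login', $login );
+
+        if ( ! $user ) {
                 return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
         }
 
@@ -2339,11 +2340,11 @@
          */
         $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS );
 
-        if ( false !== strpos( $row->user_activation_key, ':' ) ) {
-                list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 );
+        if ( false !== strpos( $user->user_activation_key, ':' ) ) {
+                list( $pass_request_time, $pass_key ) = explode( ':', $user->user_activation_key, 2 );
                 $expiration_time                      = $pass_request_time + $expiration_duration;
         } else {
-                $pass_key        = $row->user_activation_key;
+                $pass_key        = $user->user_activation_key;
                 $expiration_time = false;
         }
 
@@ -2354,15 +2355,15 @@
         $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );
 
         if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
-                return get_userdata( $row->ID );
+                return $user;
         } elseif ( $hash_is_correct && $expiration_time ) {
                 // Key has an expiration time that's passed
                 return new WP_Error( 'expired_key', __( 'Invalid key' ) );
         }
 
-        if ( hash_equals( $row->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
+        if ( hash_equals( $user->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
                 $return  = new WP_Error( 'expired_key', __( 'Invalid key' ) );
-                $user_id = $row->ID;
+                $user_id = $user->ID;
 
                 /**
                  * Filters the return value of check_password_reset_key() when an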
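Review bot: Reading `user_activation_key` from the `get_user_by( 'login', $login )` result means the key checks at the `strpos`/`explode` and `hash_equals` lines can run against a cached WP_User instead of the current database row, which the removed `$wpdb->get_row()` read on every call. If any code path writes or clears the key without invalidating the user cache (the writers are not visible in this patch), a replaced or cleared reset key could still validate on sites with a persistent object cache. Confirm every writer calls `clean_user_cache()`, or record the dependency next to the lookup with `// Key comes from the cached WP_User; writers of user_activation_key must clear the user cache.` The enclosing function starts and ends outside these hunks, so whether its `$wpdb` global is still needed cannot be checked from here.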