WordPress.org

Make WordPress Core

Ticket #52003: 52003.diff

File 52003.diff, 516 bytes (added by MadtownLems, 3 months ago)

Patch of user.php that confirms both variables are set before moving forward with application password authentication

  • user.php

     
    461461                return $input_user;
    462462        }
    463463
    464         // Check that we're trying to authenticate
    465         if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) ) {
     464        // Both $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] must be set in order to attempt authentication
     465        if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) || ! isset( $_SERVER['PHP_AUTH_PW'] )  ) {
    466466                return $input_user;
    467467        }
    468468
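Review bot: The new condition on line 465 can be a single call, since isset() accepts several arguments and returns true only when all of them are set: `if ( ! isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) {`. That also removes the stray double space before the closing parenthesis (`)  ) {`). Separately, isset() is true for an empty string, so a request with an empty PHP_AUTH_PW still passes this guard. If the intent is to skip authentication whenever no usable password was sent, the guard needs an emptiness test as well, or the comment on line 464 should say that only presence is checked.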