Make WordPress Core

Changeset 29381


Ignore:
Timestamp:
08/06/2014 02:16:51 AM (11 years ago)
Author:
SergeyBiryukov
Message:

Avoid PHP notices in wp-login.php if password reset cookie is not set.

props mdawaffe.
see #29060.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-login.php

    r29327 r29381  
    569569    }
    570570
    571     list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
    572 
    573     $user = check_password_reset_key( $rp_key, $rp_login );
    574 
    575     if ( is_wp_error($user) ) {
     571    if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
     572        list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
     573        $user = check_password_reset_key( $rp_key, $rp_login );
     574    } else {
     575        $user = false;
     576    }
     577
     578    if ( ! $user || is_wp_error( $user ) ) {
    576579        setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
    577         if ( $user->get_error_code() === 'expired_key' )
     580        if ( $user && $user->get_error_code() === 'expired_key' )
    578581            wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
    579582        else
Note: See TracChangeset for help on using the changeset viewer.