WordPress.org

Make WordPress Core

Changeset 36084


Ignore:
Timestamp:
12/24/15 02:48:29 (16 months ago)
Author:
pento
Message:

User: Don't continue checking a password reset key, if the hash is empty.

An empty reset key hash will never be valid, so we can skip seeing if it can be used to validate the given key, and return a failure early.

This fixes a warning in the unit tests under HHVM.

See #33926.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user.php

    r35986 r36084  
    20612061    } 
    20622062 
     2063    if ( ! $pass_key ) { 
     2064        return new WP_Error( 'invalid_key', __( 'Invalid key' ) ); 
     2065    } 
     2066 
    20632067    $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key ); 
    20642068 
Note: See TracChangeset for help on using the changeset viewer.