Changeset 36084

Timestamp:

12/24/2015 02:48:29 AM (7 years ago)

Author:

pento

Message:

User: Don't continue checking a password reset key, if the hash is empty.

An empty reset key hash will never be valid, so we can skip seeing if it can be used to validate the given key, and return a failure early.

This fixes a warning in the unit tests under HHVM.

See #33926.

File:

• trunk/src/wp-includes/user.php (modified) (1 diff)

trunk/src/wp-includes/user.php

@@ -2061 +2061 @@
     }
 
+    if ( ! $pass_key ) {
+        return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
+    }
+
     $hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );