Timestamp:
02/28/2019 02:38:27 PM (23 months ago)
Author:
SergeyBiryukov
Message:

Users: Replace raw SQL query in check_password_reset_key() with get_user_by().

Props davidbaumwald, iworks, spacedmonkey.
Fixes #45845.

File:
1 edited

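--- a/trunk/src/wp-includes/user.php
+++ b/trunk/src/wp-includes/user.php
@@ -2321,6 +2321,7 @@
     }
 
-    $row = $wpdb->get_row( $wpdb->prepare( "SELECT ID, user_activation_key FROM $wpdb->users WHERE user_login = %s", $login ) );
-    if ( ! $row ) {
+    $user = get_user_by( 'login', $login );
+
+    if ( ! $user ) {
         return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
     }
@@ -2340,9 +2341,9 @@
     $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS );
 
-    if ( false !== strpos( $row->user_activation_key, ':' ) ) {
-        list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 );
+    if ( false !== strpos( $user->user_activation_key, ':' ) ) {
+        list( $pass_request_time, $pass_key ) = explode( ':', $user->user_activation_key, 2 );
         $expiration_time                      = $pass_request_time + $expiration_duration;
     } else {
-        $pass_key        = $row->user_activation_key;
+        $pass_key        = $user->user_activation_key;
         $expiration_time = false;
     }
@@ -2355,5 +2356,5 @@
 
     if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
-        return get_userdata( $row->ID );
+        return $user;
     } elseif ( $hash_is_correct && $expiration_time ) {
         // Key has an expiration time that's passed
@@ -2361,7 +2362,7 @@
     }
 
-    if ( hash_equals( $row->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
+    if ( hash_equals( $user->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
         $return  = new WP_Error( 'expired_key', __( 'Invalid key' ) );
-        $user_id = $row->ID;
+        $user_id = $user->ID;
 
         /**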
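Review bot: The reset key is now read from the `WP_User` returned by `get_user_by( 'login', $login )` (new line 2323), which can be served from the user object cache, whereas the removed `$wpdb->get_row()` always read `user_activation_key` straight from the database. If any code path writes that column with a direct `$wpdb->update()` and does not call `clean_user_cache()`, a site with a persistent object cache could compare `$key` against a stale hash, rejecting a fresh key or accepting one that has already been replaced or cleared. The writers of `user_activation_key` are outside these hunks, so this needs confirming there. It would help to add a comment above the lookup such as `// $user may come from the object cache; every writer of user_activation_key must call clean_user_cache().` The body of check_password_reset_key() starts and ends outside the displayed hunks.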