Changeset 44931

Timestamp:

03/19/2019 02:37:38 AM (6 years ago)

Author:

desrosj

Message:

Privacy: Remove unnecessary WP_Error when handling confirmaction requests.

By reordering the logic when handling the confirmaction action in wp-login.php, the need for a new WP_Error object to be created can be eliminated. The error message can be passed directly into a wp_die() call, matching the other validation errors in related code.

Props garrett-eclipse, birgire.
Fixes #44901.

File:

• trunk/src/wp-login.php (modified) (1 diff)

trunk/src/wp-login.php

@@ -854 +854 @@
     case 'confirmaction':
         if ( ! isset( $_GET['request_id'] ) ) {
-            wp_die( __( 'Invalid request.' ) );
+            wp_die( __( 'Missing request ID.' ) );
+        }
+
+        if ( ! isset( $_GET['confirm_key'] ) ) {
+            wp_die( __( 'Missing confirm key.' ) );
         }
 
         $request_id = (int) $_GET['request_id'];
-
-        if ( isset( $_GET['confirm_key'] ) ) {
-            $key    = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
-            $result = wp_validate_user_request_key( $request_id, $key );
-        } else {
-            $result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
-        }
+        $key        = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
+        $result     = wp_validate_user_request_key( $request_id, $key );
 
         if ( is_wp_error( $result ) ) {