WordPress.org

Make WordPress Core

Changeset 44931


Ignore:
Timestamp:
03/19/2019 02:37:38 AM (3 months ago)
Author:
desrosj
Message:

Privacy: Remove unnecessary WP_Error when handling confirmaction requests.

By reordering the logic when handling the confirmaction action in wp-login.php, the need for a new WP_Error object to be created can be eliminated. The error message can be passed directly into a wp_die() call, matching the other validation errors in related code.

Props garrett-eclipse, birgire.
Fixes #44901.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-login.php

    r44918 r44931  
    854854    case 'confirmaction':
    855855        if ( ! isset( $_GET['request_id'] ) ) {
    856             wp_die( __( 'Invalid request.' ) );
     856            wp_die( __( 'Missing request ID.' ) );
     857        }
     858
     859        if ( ! isset( $_GET['confirm_key'] ) ) {
     860            wp_die( __( 'Missing confirm key.' ) );
    857861        }
    858862
    859863        $request_id = (int) $_GET['request_id'];
    860 
    861         if ( isset( $_GET['confirm_key'] ) ) {
    862             $key    = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
    863             $result = wp_validate_user_request_key( $request_id, $key );
    864         } else {
    865             $result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
    866         }
     864        $key        = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
     865        $result     = wp_validate_user_request_key( $request_id, $key );
    867866
    868867        if ( is_wp_error( $result ) ) {
Note: See TracChangeset for help on using the changeset viewer.