WordPress.org

Make WordPress Core

Changeset 45716


Ignore:
Timestamp:
08/01/2019 07:18:28 PM (14 months ago)
Author:
SergeyBiryukov
Message:

Users: Replace raw SQL query in check_password_reset_key() with get_user_by().

Props davidbaumwald, iworks, spacedmonkey.
Fixes #45845.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user.php

    r45715 r45716  
    23722372    }
    23732373
    2374     $row = $wpdb->get_row( $wpdb->prepare( "SELECT ID, user_activation_key FROM $wpdb->users WHERE user_login = %s", $login ) );
    2375     if ( ! $row ) {
     2374    $user = get_user_by( 'login', $login );
     2375
     2376    if ( ! $user ) {
    23762377        return new WP_Error( 'invalid_key', __( 'Invalid key.' ) );
    23772378    }
     
    23912392    $expiration_duration = apply_filters( 'password_reset_expiration', DAY_IN_SECONDS );
    23922393
    2393     if ( false !== strpos( $row->user_activation_key, ':' ) ) {
    2394         list( $pass_request_time, $pass_key ) = explode( ':', $row->user_activation_key, 2 );
     2394    if ( false !== strpos( $user->user_activation_key, ':' ) ) {
     2395        list( $pass_request_time, $pass_key ) = explode( ':', $user->user_activation_key, 2 );
    23952396        $expiration_time                      = $pass_request_time + $expiration_duration;
    23962397    } else {
    2397         $pass_key        = $row->user_activation_key;
     2398        $pass_key        = $user->user_activation_key;
    23982399        $expiration_time = false;
    23992400    }
     
    24062407
    24072408    if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
    2408         return get_userdata( $row->ID );
     2409        return $user;
    24092410    } elseif ( $hash_is_correct && $expiration_time ) {
    24102411        // Key has an expiration time that's passed
     
    24122413    }
    24132414
    2414     if ( hash_equals( $row->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
     2415    if ( hash_equals( $user->user_activation_key, $key ) || ( $hash_is_correct && ! $expiration_time ) ) {
    24152416        $return  = new WP_Error( 'expired_key', __( 'Invalid key.' ) );
    2416         $user_id = $row->ID;
     2417        $user_id = $user->ID;
    24172418
    24182419        /**
Note: See TracChangeset for help on using the changeset viewer.