WordPress.org

Make WordPress Core

Changeset 50677


Ignore:
Timestamp:
04/06/2021 06:37:06 PM (2 weeks ago)
Author:
SergeyBiryukov
Message:

Login and Registration: Check if $_GET['login'] is set before using it in wp-login.php.

This avoids an "Undefined index" PHP notice displayed as part of password reset process if $_GET['key'] is set, but $_GET['login'] is not.

Props satrancali.
Fixes #52980.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-login.php

    r50654 r50677  
    808808        $rp_cookie       = 'wp-resetpass-' . COOKIEHASH;
    809809
    810         if ( isset( $_GET['key'] ) ) {
     810        if ( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {
    811811            $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
    812812            setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
Note: See TracChangeset for help on using the changeset viewer.