WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 3 years ago

#29060 closed defect (bug) (fixed)

Don't pass around the resetpass key

Reported by: nacin Owned by: nacin
Milestone: 3.9.2 Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords:
Focuses: Cc:
PR Number:

Description

We should transfer it to a cookie instead and clear it when done.

Attachments (1)

29060.diff (1.1 KB) - added by mdawaffe 5 years ago.

Download all attachments as: .zip

Change History (10)

#1 @nacin
5 years ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In 29327:

Don't pass around the password reset key.

props mdawaffe.
fixes #29060.

#2 follow-up: @SergeyBiryukov
5 years ago

Should we check if $_COOKIE[ $rp_cookie ] is set?

I see warnings if I visit wp-login.php?action=rp directly:

Notice: Undefined index: wp-resetpass-... in wp-login.php on line 571
Notice: Undefined offset: 1 in wp-login.php on line 571

Warning: Cannot modify header information - headers already sent by (output started at wp-login.php:571) in wp-login.php on line 576
Warning: Cannot modify header information - headers already sent by (output started at wp-login.php:571) in wp-includes\pluggable.php on line 1173

@mdawaffe
5 years ago

#3 in reply to: ↑ 2 @mdawaffe
5 years ago

Replying to SergeyBiryukov:

Should we check if $_COOKIE[ $rp_cookie ] is set?

We can get rid of the notices with attachment:29060.diff. Care to test it out @SergeyBiryukov?

#4 @SergeyBiryukov
5 years ago

In 29381:

Avoid PHP notices in wp-login.php if password reset cookie is not set.

props mdawaffe.
see #29060.

#5 @nacin
5 years ago

In 29394:

Don't pass around the password reset key.

Merges [29327] and [29381] to the 3.9 branch.

props mdawaffe.
fixes #29060.

#6 @nacin
5 years ago

In 29395:

Don't pass around the password reset key.

Merges [29327] and [29381] to the 3.9 branch.

props mdawaffe.
fixes #29060.

#7 @nacin
5 years ago

In 29396:

Don't pass around the password reset key.

Merges [29327] and [29381] to the 3.7 branch.

props mdawaffe.
fixes #29060.

#8 @nacin
5 years ago

  • Milestone changed from 4.0 to 3.9.2

#9 @jfarthing84
3 years ago

@nacin I know I'm 2 years late to asking but can I get an explanation as to why this change was made?

Note: See TracTickets for help on using tickets.