WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

#44686 closed defect (bug) (duplicate)

Invalid return statement when request status is checked

Reported by: moikano Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9.7
Component: Privacy Keywords: has-patch
Focuses: Cc:

Description

Currently in wp_validate_user_request_key(), when controls the status of request, it return a string instead a WP_Error object ( https://core.trac.wordpress.org/browser/tags/4.9.7/src/wp-includes/user.php#L3393 ).

I don't know if the message is correct too.

Now it is:

if ( ! in_array( $request->status, array( 'request-pending', 'request-failed' ), true ) ) {
        return __( 'This link has expired.' );
}

I think it would be something like:

if ( ! in_array( $request->status, array( 'request-pending', 'request-failed' ), true ) ) {
        return new WP_Error( 'user_request_error', __( 'Invalid request.' ) );
}

I think It is important because this function return bool true when all is correct and a string it is also true (if not strict checked).

Attachments (1)

44686.diff (459 bytes) - added by subrataemfluence 2 years ago.
Proposed patch

Download all attachments as: .zip

Change History (4)

#1 @subrataemfluence
2 years ago

  • Keywords needs-patch added

Hi moikano! Welcome to Trac and thank you for raising the ticket.

You have pointed out correctly. Since the return type of the function is either bool or WP_Error, anything returned from this function should not be a string!

@subrataemfluence
2 years ago

Proposed patch

#2 @subrataemfluence
2 years ago

  • Keywords has-patch added; needs-patch removed

#3 @SergeyBiryukov
2 years ago

  • Component changed from Users to Privacy
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi @moikano, welcome to WordPress Trac!

Thanks for the report, we're already tracking this issue in #44685.

Note: See TracTickets for help on using tickets.