From 21bcc7c836a67fa0c7e214bd82119ad50036d148 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Tue, 6 Apr 2021 18:39:10 +0000 Subject: [PATCH] Login and Registration: Check if `$_GET['login']` is set before using it in `wp-login.php`. This avoids an "Undefined index" PHP notice displayed as part of password reset process if `$_GET['key']` is set, but `$_GET['login']` is not. Props satrancali. Fixes #52980. Built from https://develop.svn.wordpress.org/trunk@50677 git-svn-id: http://core.svn.wordpress.org/trunk@50286 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/version.php | 2 +- wp-login.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/wp-includes/version.php b/wp-includes/version.php index 243dd645f3..303bb006f7 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.8-alpha-50670'; +$wp_version = '5.8-alpha-50677'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-login.php b/wp-login.php index c01f466dbf..11517dac21 100644 --- a/wp-login.php +++ b/wp-login.php @@ -807,7 +807,7 @@ switch ( $action ) { list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) ); $rp_cookie = 'wp-resetpass-' . COOKIEHASH; - if ( isset( $_GET['key'] ) ) { + if ( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) { $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) ); setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );