From 2d745fabe357002284d619d11d3ce106380a7307 Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Wed, 7 Oct 2015 14:30:25 +0000 Subject: [PATCH] Prevent a PHP notice from appearing on `wp-login.php?action=postpass` when there's no `$_POST['post_password']` parameter. Redirects to the referer if there is one (if there isn't one it'll just exit with a blank screen; no need for a user-friendly error message here). Fixes #34160 Props iamfriendly Built from https://develop.svn.wordpress.org/trunk@34909 git-svn-id: http://core.svn.wordpress.org/trunk@34874 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/version.php | 2 +- wp-login.php | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/wp-includes/version.php b/wp-includes/version.php index 1ea756f11c..39f9be0c72 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-alpha-34908'; +$wp_version = '4.4-alpha-34909'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-login.php b/wp-login.php index 8f676d7d8a..350363dabe 100644 --- a/wp-login.php +++ b/wp-login.php @@ -472,6 +472,11 @@ $interim_login = isset($_REQUEST['interim-login']); switch ($action) { case 'postpass' : + if ( ! array_key_exists( 'post_password', $_POST ) ) { + wp_safe_redirect( wp_get_referer() ); + exit(); + } + require_once ABSPATH . WPINC . '/class-phpass.php'; $hasher = new PasswordHash( 8, true );