Privacy: Remove unnecessary `WP_Error` when handling `confirmaction` requests.

By reordering the logic when handling the `confirmaction` action in `wp-login.php`, the need for a new `WP_Error` object to be created can be eliminated. The error message can be passed directly into a `wp_die()` call, matching the other validation errors in related code. Props garrett-eclipse, birgire. Fixes #44901. Built from https://develop.svn.wordpress.org/trunk@44931 git-svn-id: http://core.svn.wordpress.org/trunk@44762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-19 02:38:48 +00:00 · 2019-03-19 02:38:48 +00:00 · 86eb60b307
parent 38589e14e2
commit 86eb60b307
2 changed files with 8 additions and 9 deletions
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.2-alpha-44930';
+$wp_version = '5.2-alpha-44931';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
--- a/wp-login.php
+++ b/wp-login.php
@ -853,17 +853,16 @@ switch ( $action ) {

 	case 'confirmaction':
 		if ( ! isset( $_GET['request_id'] ) ) {
-			wp_die( __( 'Invalid request.' ) );
+			wp_die( __( 'Missing request ID.' ) );
+		}
+
+		if ( ! isset( $_GET['confirm_key'] ) ) {
+			wp_die( __( 'Missing confirm key.' ) );
 		}

 		$request_id = (int) $_GET['request_id'];
-
-		if ( isset( $_GET['confirm_key'] ) ) {
-			$key    = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
-			$result = wp_validate_user_request_key( $request_id, $key );
-		} else {
-			$result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
-		}
+		$key 		= sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
+		$result 	= wp_validate_user_request_key( $request_id, $key );

 		if ( is_wp_error( $result ) ) {
 			wp_die( $result );