From 86eb60b3073833f99ad50fad7cb56ee01b7877dd Mon Sep 17 00:00:00 2001 From: desrosj Date: Tue, 19 Mar 2019 02:38:48 +0000 Subject: [PATCH] Privacy: Remove unnecessary `WP_Error` when handling `confirmaction` requests. By reordering the logic when handling the `confirmaction` action in `wp-login.php`, the need for a new `WP_Error` object to be created can be eliminated. The error message can be passed directly into a `wp_die()` call, matching the other validation errors in related code. Props garrett-eclipse, birgire. Fixes #44901. Built from https://develop.svn.wordpress.org/trunk@44931 git-svn-id: http://core.svn.wordpress.org/trunk@44762 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/version.php | 2 +- wp-login.php | 15 +++++++-------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/wp-includes/version.php b/wp-includes/version.php index 4c329ea967..f08f2d74c6 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.2-alpha-44930'; +$wp_version = '5.2-alpha-44931'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-login.php b/wp-login.php index b02a2b9e70..464e4ed73f 100644 --- a/wp-login.php +++ b/wp-login.php @@ -853,17 +853,16 @@ switch ( $action ) { case 'confirmaction': if ( ! isset( $_GET['request_id'] ) ) { - wp_die( __( 'Invalid request.' ) ); + wp_die( __( 'Missing request ID.' ) ); + } + + if ( ! isset( $_GET['confirm_key'] ) ) { + wp_die( __( 'Missing confirm key.' ) ); } $request_id = (int) $_GET['request_id']; - - if ( isset( $_GET['confirm_key'] ) ) { - $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) ); - $result = wp_validate_user_request_key( $request_id, $key ); - } else { - $result = new WP_Error( 'invalid_key', __( 'Invalid key' ) ); - } + $key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) ); + $result = wp_validate_user_request_key( $request_id, $key ); if ( is_wp_error( $result ) ) { wp_die( $result );