User: Don't continue checking a password reset key, if the hash is empty.

An empty reset key hash will never be valid, so we can skip seeing if it can be used to validate the given key, and return a failure early. This fixes a warning in the unit tests under HHVM. See #33926. Built from https://develop.svn.wordpress.org/trunk@36084 git-svn-id: http://core.svn.wordpress.org/trunk@36049 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-25 06:14:58 +02:00 · 2015-12-24 02:49:26 +00:00 · 2015-12-24 02:49:26 +00:00 · f9bba421b5
commit f9bba421b5
parent bd1d11b3cf
2 changed files with 5 additions and 1 deletions
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@ -2060,6 +2060,10 @@ function check_password_reset_key($key, $login) {
 		$expiration_time = false;
 	}

+	if ( ! $pass_key ) {
+		return new WP_Error( 'invalid_key', __( 'Invalid key' ) );
+	}
+
 	$hash_is_correct = $wp_hasher->CheckPassword( $key, $pass_key );

 	if ( $hash_is_correct && $expiration_time && time() < $expiration_time ) {
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.5-alpha-36083';
+$wp_version = '4.5-alpha-36084';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.