[wp-trac] [WordPress Trac] #43667: signup_nonce_check does not use wp_verify_nonce.
WordPress Trac
noreply at wordpress.org
Fri Apr 13 15:29:54 UTC 2018
#43667: signup_nonce_check does not use wp_verify_nonce.
--------------------------------------+------------------------
Reporter: herregroen | Owner: flixos90
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 5.0
Component: Login and Registration | Version: trunk
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests | Focuses: multisite
--------------------------------------+------------------------
Changes (by flixos90):
* status: reviewing => closed
* resolution: => fixed
Comment:
In [changeset:"42976" 42976]:
{{{
#!CommitTicketReference repository="" revision="42976"
Multisite: Verify the signup nonce using `wp_verify_nonce()` in
`signup_nonce_check()`.
Prior to this change, the nonce passed from `wp-signup.php` was verified
with a simple comparison. Furthermore in case of failures, `wp_die()`
would be called right during the HTML markup being already printed. Now
the error message is returned properly, modifying the `WP_Error` object in
the passed `$result`.
Props herregroen.
Fixes #43667.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43667#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list