[wp-trac] [WordPress Trac] #44601: Missing vallidations in function get_password_reset_key()

WordPress Trac noreply at wordpress.org
Wed Jul 18 13:01:48 UTC 2018


#44601: Missing vallidations in function  get_password_reset_key()
-------------------------------------+---------------------
 Reporter:  edocev                   |       Owner:  (none)
     Type:  defect (bug)             |      Status:  new
 Priority:  normal                   |   Milestone:  5.0
Component:  Users                    |     Version:  4.9.7
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-refresh  |     Focuses:
-------------------------------------+---------------------
Changes (by SergeyBiryukov):

 * keywords:  has-patch => has-patch needs-refresh
 * milestone:  Awaiting Review => 5.0


Comment:

 Hi @edocev, welcome to WordPress Trac! Thanks for the patch. A few notes:

 * Validation should be done at the beginning of the function, otherwise it
 still generates a few notices if invalid data is passed.
 * The `isset()` check seems redundant, as `$user` is a required parameter.
 PHP already throws a warning if it's not passed.
 * The `empty()` check is redundant as well, `instanceof WP_User` should be
 enough.
 * No need for a DocBlock here, as this piece of code is neither a hook nor
 a separate function.
 * The error message could be a bit more clear, something like this:
 {{{
 if ( ! ( $user instanceof WP_User ) ) {
         return new WP_Error( 'invalid_user_data', __( 'Invalid user data.'
 ) );
 }
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44601#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list