[wp-trac] [WordPress Trac] #44601: Missing vallidations in function get_password_reset_key()
WordPress Trac
noreply at wordpress.org
Wed Jul 18 13:01:48 UTC 2018
#44601: Missing vallidations in function get_password_reset_key()
-------------------------------------+---------------------
Reporter: edocev | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.0
Component: Users | Version: 4.9.7
Severity: normal | Resolution:
Keywords: has-patch needs-refresh | Focuses:
-------------------------------------+---------------------
Changes (by SergeyBiryukov):
* keywords: has-patch => has-patch needs-refresh
* milestone: Awaiting Review => 5.0
Comment:
Hi @edocev, welcome to WordPress Trac! Thanks for the patch. A few notes:
* Validation should be done at the beginning of the function, otherwise it
still generates a few notices if invalid data is passed.
* The `isset()` check seems redundant, as `$user` is a required parameter.
PHP already throws a warning if it's not passed.
* The `empty()` check is redundant as well, `instanceof WP_User` should be
enough.
* No need for a DocBlock here, as this piece of code is neither a hook nor
a separate function.
* The error message could be a bit more clear, something like this:
{{{
if ( ! ( $user instanceof WP_User ) ) {
return new WP_Error( 'invalid_user_data', __( 'Invalid user data.'
) );
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44601#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list