[wp-trac] [WordPress Trac] #44601: Missing vallidations in function get_password_reset_key()
WordPress Trac
noreply at wordpress.org
Wed Jul 18 13:59:13 UTC 2018
#44601: Missing vallidations in function get_password_reset_key()
-------------------------------------+---------------------
Reporter: edocev | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.0
Component: Users | Version: 4.9.7
Severity: normal | Resolution:
Keywords: has-patch needs-refresh | Focuses:
-------------------------------------+---------------------
Comment (by edocev):
Replying to [comment:1 SergeyBiryukov]:
> Hi @edocev, welcome to WordPress Trac! Thanks for the patch. A few
notes:
>
> * Validation should be done at the beginning of the function, otherwise
it still generates a few notices if invalid data is passed.
> * The `isset()` check seems redundant, as `$user` is a required
parameter. PHP already throws a warning if it's not passed.
> * The `empty()` check is redundant as well, `instanceof WP_User` should
be enough.
> * No need for a DocBlock here, as this piece of code is neither a hook
nor a separate function.
> * The error message could be a bit more clear, something like this:
> {{{
> if ( ! ( $user instanceof WP_User ) ) {
> return new WP_Error( 'invalid_user_data', __( 'Invalid user data.'
) );
> }
> }}}
Hello, thank you for the feedback! I've fixed the code and send the
updated patch.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44601#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list