[wp-trac] [WordPress Trac] #44901: Die earlier if confirm_key missing, no need to execute wp_validate_user_request_key
WordPress Trac
noreply at wordpress.org
Wed Sep 5 22:03:20 UTC 2018
#44901: Die earlier if confirm_key missing, no need to execute
wp_validate_user_request_key
-----------------------------+------------------------------
Reporter: garrett-eclipse | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by birgire):
Hi @garrett-eclipse, your code rearrangements looks more readable imho,
but from the code link, it seems that {{{wp_validate_user_request_key()}}}
does not run if {{{confirm_key}}} is missing, because it's wrapped inside
the if check:
{{{
if ( isset( $_GET['confirm_key'] ) ) {
$key = sanitize_text_field( wp_unslash( $_GET['confirm_key'] )
);
$result = wp_validate_user_request_key( $request_id, $key );
} else {
$result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
}
}}}
or did I maybe misunderstand your suggestion?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44901#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list