From d2342e75d0754c798bdd7316e2b93e239a2eb29f Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Mon, 16 Jul 2018 14:14:27 +0000 Subject: [PATCH] Login and Registration: Set a better default value for `$wp_error` parameter in `login_header()`. To prevent someone from passing a string (which would not be added to a new `WP_Error` instance), check for `is_wp_error()` explicitly. Props desrosj, chetan200891, spyderbytes, lbenicio, sebastien@thivinfo.com, abdullahramzan. Merges [43457] to the 4.9 branch. Fixes #44052. Built from https://develop.svn.wordpress.org/branches/4.9@43458 git-svn-id: http://core.svn.wordpress.org/branches/4.9@43285 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/version.php | 2 +- wp-login.php | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/wp-includes/version.php b/wp-includes/version.php index bfb83d5708..08a7f07637 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.9.8-alpha-43456'; +$wp_version = '4.9.8-alpha-43458'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-login.php b/wp-login.php index 95c046f8a3..ffd86c1e20 100644 --- a/wp-login.php +++ b/wp-login.php @@ -28,9 +28,9 @@ if ( force_ssl_admin() && ! is_ssl() ) { * @param string $title Optional. WordPress login Page title to display in the `` element. * Default 'Log In'. * @param string $message Optional. Message to display in header. Default empty. - * @param WP_Error $wp_error Optional. The error to pass. Default empty. + * @param WP_Error $wp_error Optional. The error to pass. Default is a WP_Error instance. */ -function login_header( $title = 'Log In', $message = '', $wp_error = '' ) { +function login_header( $title = 'Log In', $message = '', $wp_error = null ) { global $error, $interim_login, $action; // Don't index any of these forms @@ -38,8 +38,9 @@ function login_header( $title = 'Log In', $message = '', $wp_error = '' ) { add_action( 'login_head', 'wp_login_viewport_meta' ); - if ( empty($wp_error) ) + if ( ! is_wp_error( $wp_error ) ) { $wp_error = new WP_Error(); + } // Shake it! $shake_error_codes = array( 'empty_password', 'empty_email', 'invalid_email', 'invalidcombo', 'empty_username', 'invalid_username', 'incorrect_password' );