Login and Registration: Check that post_password is a string in `wp…

…-login.php`. This prevents a fatal error if an array is passed instead. Follow-up to [19925], [34909], [58023]. Props dd32, swissspidy. Fixes #61136. git-svn-id: https://develop.svn.wordpress.org/trunk@58093 602fd350-edb4-49c9-b593-d223f7449a82
WordPress · May 4, 2024 · 3b7e433 · 3b7e433
1 parent ef229d9
commit 3b7e433
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/wp-login.php b/src/wp-login.php
@@ -753,7 +753,7 @@ function wp_login_viewport_meta() {
  break;
 
  case 'postpass':
- if ( ! array_key_exists( 'post_password', $_POST ) ) {
+ if ( ! isset( $_POST['post_password'] ) || ! is_string( $_POST['post_password'] ) ) {
  wp_safe_redirect( wp_get_referer() );
  exit;
  }