
Return error if nonce doesn't match

An invalid nonce should never reach the identity_url checking code, which
allows a user to login.
fuzzie committed Jul 18, 2016
1 parent c664ff5 commit f705e8e325ac6ed967f5cd589e37eb9f9aa8e02e
Showing with 1 addition and 0 deletions.
  1. +1 −0 login.php
@@ -37,6 +37,7 @@ function openid_authenticate($user) {
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], 'openid_login_' . md5($identity_url)) ) {
$user = new WP_Error('openid_login_error', __('Error during OpenID authentication. Please try again. (invalid nonce)', 'openid'));
return $user;
}
if ( $identity_url ) {
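Review bot: The nonce guard at the top of this hunk reads `$_REQUEST['_wpnonce']` without checking that it is set, so a request that omits the parameter raises an undefined-index notice and depends on wp_verify_nonce() rejecting the null; prefixing the condition with `!isset($_REQUEST['_wpnonce']) ||` makes the fail-closed path explicit. The early `return $user;` is what keeps a failed check away from the `if ( $identity_url )` block, yet nothing in the code says so; a comment such as `// Return now: the identity_url block below must never run for an unverified nonce.` above it would stop a later refactor from removing it. Since this is the authentication path, a regression test asserting that a wrong or missing nonce yields a WP_Error would be worth adding with the fix. openid_authenticate() starts and ends outside the hunk, so where `$identity_url` comes from is not visible here.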
