From 924343c8fc1b5878b865aa9109bdca05852470b8 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Tue, 6 Apr 2021 18:37:06 +0000
Subject: [PATCH] Login and Registration: Check if `$_GET['login']` is set
 before using it in `wp-login.php`.

This avoids an "Undefined index" PHP notice displayed as part of password reset process if `$_GET['key']` is set, but `$_GET['login']` is not.

Props satrancali.
Fixes #52980.

git-svn-id: https://develop.svn.wordpress.org/trunk@50677 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-login.php b/src/wp-login.php
index c01f466dbf..11517dac21 100644
--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -807,7 +807,7 @@ switch ( $action ) {
 		list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
 		$rp_cookie       = 'wp-resetpass-' . COOKIEHASH;
 
-		if ( isset( $_GET['key'] ) ) {
+		if ( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {
 			$value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
 			setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );