Commit 21bcc7c836 for wordpress.org

commit 21bcc7c836a67fa0c7e214bd82119ad50036d148
Author: Sergey Biryukov <sergeybiryukov.ru@gmail.com>
Date:   Tue Apr 6 18:39:10 2021 +0000

    Login and Registration: Check if `$_GET['login']` is set before using it in `wp-login.php`.

    This avoids an "Undefined index" PHP notice displayed as part of password reset process if `$_GET['key']` is set, but `$_GET['login']` is not.

    Props satrancali.
    Fixes #52980.
    Built from https://develop.svn.wordpress.org/trunk@50677


    git-svn-id: http://core.svn.wordpress.org/trunk@50286 1a063a9b-81f0-0310-95a4-ce76da25c4cd

diff --git a/wp-includes/version.php b/wp-includes/version.php
index 243dd645f3..303bb006f7 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.8-alpha-50670';
+$wp_version = '5.8-alpha-50677';

 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-login.php b/wp-login.php
index c01f466dbf..11517dac21 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -807,7 +807,7 @@ switch ( $action ) {
 		list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
 		$rp_cookie       = 'wp-resetpass-' . COOKIEHASH;

-		if ( isset( $_GET['key'] ) ) {
+		if ( isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {
 			$value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
 			setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );