Changeset 29394 for branches/3.9
- Timestamp:
- 08/06/2014 06:36:54 AM (11 years ago)
- Location:
- branches/3.9
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/3.9
- Property svn:mergeinfo changed
/trunk merged: 29327,29381
- Property svn:mergeinfo changed
-
branches/3.9/src/wp-login.php
r28096 r29394 563 563 case 'resetpass' : 564 564 case 'rp' : 565 $user = check_password_reset_key($_GET['key'], $_GET['login']); 566 567 if ( is_wp_error($user) ) { 568 if ( $user->get_error_code() === 'expired_key' ) 565 list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) ); 566 $rp_cookie = 'wp-resetpass-' . COOKIEHASH; 567 if ( isset( $_GET['key'] ) ) { 568 $value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) ); 569 setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); 570 wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) ); 571 exit; 572 } 573 574 if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) { 575 list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 ); 576 $user = check_password_reset_key( $rp_key, $rp_login ); 577 } else { 578 $user = false; 579 } 580 581 if ( ! $user || is_wp_error( $user ) ) { 582 setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); 583 if ( $user && $user->get_error_code() === 'expired_key' ) 569 584 wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) ); 570 585 else … … 590 605 if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) { 591 606 reset_password($user, $_POST['pass1']); 607 setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true ); 592 608 login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' ); 593 609 login_footer(); … … 601 617 602 618 ?> 603 <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass &key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off">604 <input type="hidden" id="user_login" value="<?php echo esc_attr( $ _GET['login']); ?>" autocomplete="off" />619 <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off"> 620 <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" /> 605 621 606 622 <p>
Note: See TracChangeset
for help on using the changeset viewer.