Make WordPress Core


Ignore:
Location:
branches/2.8
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/2.8/readme.html

    r11770 r11806  
    99<h1 id="logo" style="text-align: center">
    1010    <img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
    11     <br /> Version 2.8.3
     11    <br /> Version 2.8.4
    1212</h1>
    1313<p style="text-align: center">Semantic Personal Publishing Platform</p>
     
    3030<h1>Upgrading</h1>
    3131<p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
    32 <h2>Upgrading from any previous WordPress to 2.8.3:</h2>
     32<h2>Upgrading from any previous WordPress to 2.8.4:</h2>
    3333<ol>
    3434    <li>Delete your old WP files, saving ones you've modified.</li>
  • branches/2.8/wp-includes/version.php

    r11770 r11806  
    99 * @global string $wp_version
    1010 */
    11 $wp_version = '2.8.3';
     11$wp_version = '2.8.4';
    1212
    1313/**
  • branches/2.8/wp-login.php

    r11770 r11806  
    162162    $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
    163163    $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
    164     $message .= site_url("wp-login.php?action=rp&key=$key", 'login') . "\r\n";
     164    $message .= site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";
    165165
    166166    $title = sprintf(__('[%s] Password Reset'), get_option('blogname'));
     
    183183 * @return bool|WP_Error
    184184 */
    185 function reset_password($key) {
     185function reset_password($key, $login) {
    186186    global $wpdb;
    187187
    188188    $key = preg_replace('/[^a-z0-9]/i', '', $key);
    189189
    190     if ( empty( $key ) )
     190    if ( empty( $key ) || !is_string( $key ) )
    191191        return new WP_Error('invalid_key', __('Invalid key'));
    192192
    193     $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
     193    if ( empty($login) || !is_string($login) )
     194        return new WP_Error('invalid_key', __('Invalid key'));
     195
     196    $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
    194197    if ( empty( $user ) )
    195198        return new WP_Error('invalid_key', __('Invalid key'));
     
    371374case 'resetpass' :
    372375case 'rp' :
    373     $errors = reset_password($_GET['key']);
     376    $errors = reset_password($_GET['key'], $_GET['login']);
    374377
    375378    if ( ! is_wp_error($errors) ) {
Note: See TracChangeset for help on using the changeset viewer.