WordPress.org

Make WordPress Core

Changes from tags/2.8.3 at r11806 to tags/2.8.4 at r11806


Ignore:
Location:
tags/2.8.4
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • tags/2.8.4/readme.html

    r11806 r11806  
    99<h1 id="logo" style="text-align: center"> 
    1010    <img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /> 
    11     <br /> Version 2.8.3 
     11    <br /> Version 2.8.4 
    1212</h1> 
    1313<p style="text-align: center">Semantic Personal Publishing Platform</p> 
     
    3030<h1>Upgrading</h1> 
    3131<p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p> 
    32 <h2>Upgrading from any previous WordPress to 2.8.3:</h2> 
     32<h2>Upgrading from any previous WordPress to 2.8.4:</h2> 
    3333<ol> 
    3434    <li>Delete your old WP files, saving ones you've modified.</li> 
  • tags/2.8.4/wp-includes/version.php

    r11806 r11806  
    99 * @global string $wp_version 
    1010 */ 
    11 $wp_version = '2.8.3'; 
     11$wp_version = '2.8.4'; 
    1212 
    1313/** 
  • tags/2.8.4/wp-login.php

    r11806 r11806  
    162162    $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n"; 
    163163    $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n"; 
    164     $message .= site_url("wp-login.php?action=rp&key=$key", 'login') . "\r\n"; 
     164    $message .= site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n"; 
    165165 
    166166    $title = sprintf(__('[%s] Password Reset'), get_option('blogname')); 
     
    183183 * @return bool|WP_Error 
    184184 */ 
    185 function reset_password($key) { 
     185function reset_password($key, $login) { 
    186186    global $wpdb; 
    187187 
    188188    $key = preg_replace('/[^a-z0-9]/i', '', $key); 
    189189 
    190     if ( empty( $key ) ) 
     190    if ( empty( $key ) || !is_string( $key ) ) 
    191191        return new WP_Error('invalid_key', __('Invalid key')); 
    192192 
    193     $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key)); 
     193    if ( empty($login) || !is_string($login) ) 
     194        return new WP_Error('invalid_key', __('Invalid key')); 
     195 
     196    $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login)); 
    194197    if ( empty( $user ) ) 
    195198        return new WP_Error('invalid_key', __('Invalid key')); 
     
    371374case 'resetpass' : 
    372375case 'rp' : 
    373     $errors = reset_password($_GET['key']); 
     376    $errors = reset_password($_GET['key'], $_GET['login']); 
    374377 
    375378    if ( ! is_wp_error($errors) ) { 
Note: See TracChangeset for help on using the changeset viewer.