2.8.4

git-svn-id: http://svn.automattic.com/wordpress/tags/2.8.4@11806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Bump
2009-08-12 01:00:21 +00:00 · 2009-08-12 00:41:44 +00:00 · 2009-08-11 06:03:45 +00:00 · 2009-08-11 05:31:28 +00:00 · 2009-08-11 04:53:57 +00:00
3 changed files with 11 additions and 8 deletions
--- a/readme.html
+++ b/readme.html
@@ -8,7 +8,7 @@
 <body>
 <h1 id="logo" style="text-align: center">
 	<img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
-	<br /> Version 2.8.3
+	<br /> Version 2.8.4
 </h1>
 <p style="text-align: center">Semantic Personal Publishing Platform</p>

@@ -29,7 +29,7 @@

 <h1>Upgrading</h1>
 <p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.8.3:</h2>
+<h2>Upgrading from any previous WordPress to 2.8.4:</h2>
 <ol>
 	<li>Delete your old WP files, saving ones you've modified.</li>
 	<li>Upload the new files.</li>
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -8,7 +8,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '2.8.3';
+$wp_version = '2.8.4';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
--- a/wp-login.php
+++ b/wp-login.php
@@ -161,7 +161,7 @@ function retrieve_password() {
 	$message .= get_option('siteurl') . "\r\n\r\n";
 	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
 	$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
-	$message .= site_url("wp-login.php?action=rp&key=$key", 'login') . "\r\n";
+	$message .= site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";

 	$title = sprintf(__('[%s] Password Reset'), get_option('blogname'));

@@ -182,15 +182,18 @@ function retrieve_password() {
 * @param string $key Hash to validate sending user's password
 * @return bool|WP_Error
 */
-function reset_password($key) {
+function reset_password($key, $login) {
 	global $wpdb;

 	$key = preg_replace('/[^a-z0-9]/i', '', $key);

-	if ( empty( $key ) )
+	if ( empty( $key ) || !is_string( $key ) )
 		return new WP_Error('invalid_key', __('Invalid key'));

-	$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
+	if ( empty($login) || !is_string($login) )
+		return new WP_Error('invalid_key', __('Invalid key'));
+
+	$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
 	if ( empty( $user ) )
 		return new WP_Error('invalid_key', __('Invalid key'));

@@ -370,7 +373,7 @@ break;

 case 'resetpass' :
 case 'rp' :
-	$errors = reset_password($_GET['key']);
+	$errors = reset_password($_GET['key'], $_GET['login']);

 	if ( ! is_wp_error($errors) ) {
 		wp_redirect('wp-login.php?checkemail=newpass');
Author	SHA1	Message	Date
ryan	95841f7fd5	2.8.4 git-svn-id: http://svn.automattic.com/wordpress/tags/2.8.4@11806 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2009-08-12 01:00:21 +00:00
ryan	fbe5e94e96	Bump git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@11805 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2009-08-12 00:41:44 +00:00
ryan	8e3d139cd3	Pass user login when resetting passwords. git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@11804 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2009-08-11 06:03:45 +00:00
ryan	a547527125	Enforce activation key to be a string. git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@11800 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2009-08-11 05:31:28 +00:00
ryan	260fe48798	Reject activation keys that are arrays. git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@11798 1a063a9b-81f0-0310-95a4-ce76da25c4cd	2009-08-11 04:53:57 +00:00