Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
5577e024a5 |
@@ -9,7 +9,7 @@
|
||||
<body>
|
||||
<h1 id="logo">
|
||||
<a href="http://wordpress.org/"><img alt="WordPress" src="wp-admin/images/wordpress-logo.png" /></a>
|
||||
<br /> Version 3.8.5
|
||||
<br /> Version 3.8.2
|
||||
</h1>
|
||||
<p style="text-align: center">Semantic Personal Publishing Platform</p>
|
||||
|
||||
|
||||
@@ -39,19 +39,7 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
|
||||
</h2>
|
||||
|
||||
<div class="changelog point-releases">
|
||||
<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 4 ); ?></h3>
|
||||
<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
|
||||
'<strong>Version %1$s</strong> addressed some security issues.', 8 ), '3.8.5', number_format_i18n( 8 ) ); ?>
|
||||
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.8.5' ); ?>
|
||||
</p>
|
||||
<p><?php printf( _n( '<strong>Version %1$s</strong> addressed a security issue.',
|
||||
'<strong>Version %1$s</strong> addressed some security issues.', 5 ), '3.8.4', number_format_i18n( 5 ) ); ?>
|
||||
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.8.4' ); ?>
|
||||
</p>
|
||||
<p><?php printf( _n( '<strong>Version %1$s</strong> addressed %2$s bug.',
|
||||
'<strong>Version %1$s</strong> addressed %2$s bugs.', 2 ), '3.8.3', number_format_i18n( 2 ) ); ?>
|
||||
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.8.3' ); ?>
|
||||
</p>
|
||||
<h3><?php echo _n( 'Maintenance and Security Release', 'Maintenance and Security Releases', 2 ); ?></h3>
|
||||
<p><?php printf( _n( '<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bug.',
|
||||
'<strong>Version %1$s</strong> addressed some security issues and fixed %2$s bugs.', 9 ), '3.8.2', number_format_i18n( 9 ) ); ?>
|
||||
<?php printf( __( 'For more information, see <a href="%s">the release notes</a>.' ), 'http://codex.wordpress.org/Version_3.8.2' ); ?>
|
||||
|
||||
@@ -316,12 +316,6 @@ function wp_read_image_metadata( $file ) {
|
||||
$meta[ $key ] = utf8_encode( $meta[ $key ] );
|
||||
}
|
||||
|
||||
foreach ( $meta as &$value ) {
|
||||
if ( is_string( $value ) ) {
|
||||
$value = wp_kses_post( $value );
|
||||
}
|
||||
}
|
||||
|
||||
return apply_filters( 'wp_read_image_metadata', $meta, $file, $sourceImageType );
|
||||
|
||||
}
|
||||
|
||||
@@ -203,6 +203,10 @@ function edit_post( $post_data = null ) {
|
||||
_wp_upgrade_revisions_of_post( $post, wp_get_post_revisions( $post_ID ) );
|
||||
}
|
||||
|
||||
if ( ( empty( $post_data['action'] ) || 'autosave' != $post_data['action'] ) && 'auto-draft' == $post_data['post_status'] ) {
|
||||
$post_data['post_status'] = 'draft';
|
||||
}
|
||||
|
||||
if ( isset($post_data['visibility']) ) {
|
||||
switch ( $post_data['visibility'] ) {
|
||||
case 'public' :
|
||||
@@ -223,10 +227,6 @@ function edit_post( $post_data = null ) {
|
||||
if ( is_wp_error($post_data) )
|
||||
wp_die( $post_data->get_error_message() );
|
||||
|
||||
if ( ( empty( $post_data['action'] ) || 'autosave' != $post_data['action'] ) && 'auto-draft' == $post_data['post_status'] ) {
|
||||
$post_data['post_status'] = 'draft';
|
||||
}
|
||||
|
||||
// Post Formats
|
||||
if ( isset( $post_data['post_format'] ) )
|
||||
set_post_format( $post_ID, $post_data['post_format'] );
|
||||
@@ -411,12 +411,7 @@ function bulk_edit_posts( $post_data = null ) {
|
||||
}
|
||||
|
||||
$updated = $skipped = $locked = array();
|
||||
$shared_post_data = $post_data;
|
||||
|
||||
foreach ( $post_IDs as $post_ID ) {
|
||||
// Start with fresh post data with each iteration.
|
||||
$post_data = $shared_post_data;
|
||||
|
||||
$post_type_object = get_post_type_object( get_post_type( $post_ID ) );
|
||||
|
||||
if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( 'edit_post', $post_ID ) ) {
|
||||
@@ -465,13 +460,13 @@ function bulk_edit_posts( $post_data = null ) {
|
||||
$post_data['ID'] = $post_ID;
|
||||
$post_data['post_ID'] = $post_ID;
|
||||
|
||||
$post_data = _wp_translate_postdata( true, $post_data );
|
||||
if ( is_wp_error( $post_data ) ) {
|
||||
$translated_post_data = _wp_translate_postdata( true, $post_data );
|
||||
if ( is_wp_error( $translated_post_data ) ) {
|
||||
$skipped[] = $post_ID;
|
||||
continue;
|
||||
}
|
||||
|
||||
$updated[] = wp_update_post( $post_data );
|
||||
$updated[] = wp_update_post( $translated_post_data );
|
||||
|
||||
if ( isset( $post_data['sticky'] ) && current_user_can( $ptype->cap->edit_others_posts ) ) {
|
||||
if ( 'sticky' == $post_data['sticky'] )
|
||||
|
||||
@@ -411,9 +411,6 @@ function upgrade_all() {
|
||||
if ( $wp_current_db_version < 26691 )
|
||||
upgrade_380();
|
||||
|
||||
if ( $wp_current_db_version < 26692 )
|
||||
upgrade_383();
|
||||
|
||||
maybe_disable_link_manager();
|
||||
|
||||
maybe_disable_automattic_widgets();
|
||||
@@ -1254,36 +1251,6 @@ function upgrade_380() {
|
||||
deactivate_plugins( array( 'mp6/mp6.php' ), true );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Execute changes made in WordPress 3.8.3.
|
||||
*
|
||||
* @since 3.8.3
|
||||
*/
|
||||
function upgrade_383() {
|
||||
global $wp_current_db_version, $wpdb;
|
||||
if ( $wp_current_db_version < 26692 ) {
|
||||
// Find all lost Quick Draft auto-drafts and promote them to proper drafts.
|
||||
$posts = $wpdb->get_results( "SELECT ID, post_title, post_content FROM $wpdb->posts WHERE post_type = 'post'
|
||||
AND post_status = 'auto-draft' AND post_date >= '2014-04-08 00:00:00'" );
|
||||
|
||||
foreach ( $posts as $post ) {
|
||||
// A regular auto-draft should never have content as that would mean it should have been promoted.
|
||||
// If an auto-draft has content, it's from Quick Draft and it should be recovered.
|
||||
if ( '' === $post->post_content ) {
|
||||
// If it does not have content, we must evaluate whether the title should be recovered.
|
||||
if ( 'Auto Draft' === $post->post_title || __( 'Auto Draft' ) === $post->post_title ) {
|
||||
// This a plain old auto draft. Ignore it.
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
$wpdb->update( $wpdb->posts, array( 'post_status' => 'draft' ), array( 'ID' => $post->ID ) );
|
||||
clean_post_cache( $post->ID );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Execute network level changes
|
||||
*
|
||||
|
||||
@@ -65,7 +65,7 @@ function press_it() {
|
||||
// error handling for media_sideload
|
||||
if ( is_wp_error($upload) ) {
|
||||
wp_delete_post($post_ID);
|
||||
wp_die( esc_html( $upload->get_error_message() ) );
|
||||
wp_die($upload);
|
||||
} else {
|
||||
// Post formats
|
||||
if ( isset( $_POST['post_format'] ) ) {
|
||||
|
||||
@@ -519,12 +519,11 @@ class getid3_lib
|
||||
}
|
||||
|
||||
public static function XML2array($XMLstring) {
|
||||
if ( function_exists( 'simplexml_load_string' ) && function_exists( 'libxml_disable_entity_loader' ) ) {
|
||||
$loader = libxml_disable_entity_loader( true );
|
||||
$XMLobject = simplexml_load_string( $XMLstring, 'SimpleXMLElement', LIBXML_NOENT );
|
||||
$return = self::SimpleXMLelement2array( $XMLobject );
|
||||
libxml_disable_entity_loader( $loader );
|
||||
return $return;
|
||||
if (function_exists('simplexml_load_string')) {
|
||||
if (function_exists('get_object_vars')) {
|
||||
$XMLobject = simplexml_load_string($XMLstring);
|
||||
return self::SimpleXMLelement2array($XMLobject);
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -203,37 +203,11 @@ class IXR_Message
|
||||
{
|
||||
// first remove the XML declaration
|
||||
// merged from WP #10698 - this method avoids the RAM usage of preg_replace on very large messages
|
||||
$header = preg_replace( '/<\?xml.*?\?'.'>/s', '', substr( $this->message, 0, 100 ), 1 );
|
||||
$this->message = trim( substr_replace( $this->message, $header, 0, 100 ) );
|
||||
if ( '' == $this->message ) {
|
||||
$header = preg_replace( '/<\?xml.*?\?'.'>/', '', substr($this->message, 0, 100), 1);
|
||||
$this->message = substr_replace($this->message, $header, 0, 100);
|
||||
if (trim($this->message) == '') {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Then remove the DOCTYPE
|
||||
$header = preg_replace( '/^<!DOCTYPE[^>]*+>/i', '', substr( $this->message, 0, 200 ), 1 );
|
||||
$this->message = trim( substr_replace( $this->message, $header, 0, 200 ) );
|
||||
if ( '' == $this->message ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check that the root tag is valid
|
||||
$root_tag = substr( $this->message, 0, strcspn( substr( $this->message, 0, 20 ), "> \t\r\n" ) );
|
||||
if ( '<!DOCTYPE' === strtoupper( $root_tag ) ) {
|
||||
return false;
|
||||
}
|
||||
if ( ! in_array( $root_tag, array( '<methodCall', '<methodResponse', '<fault' ) ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Bail if there are too many elements to parse
|
||||
$element_limit = 30000;
|
||||
if ( function_exists( 'apply_filters' ) ) {
|
||||
$element_limit = apply_filters( 'xmlrpc_element_limit', $element_limit );
|
||||
}
|
||||
if ( $element_limit && 2 * $element_limit < substr_count( $this->message, '<' ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->_parser = xml_parser_create();
|
||||
// Set XML parser to take the case of tags in to account
|
||||
xml_parser_set_option($this->_parser, XML_OPTION_CASE_FOLDING, false);
|
||||
|
||||
@@ -214,10 +214,6 @@ class PasswordHash {
|
||||
|
||||
function HashPassword($password)
|
||||
{
|
||||
if ( strlen( $password ) > 4096 ) {
|
||||
return '*';
|
||||
}
|
||||
|
||||
$random = '';
|
||||
|
||||
if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
|
||||
@@ -253,10 +249,6 @@ class PasswordHash {
|
||||
|
||||
function CheckPassword($password, $stored_hash)
|
||||
{
|
||||
if ( strlen( $password ) > 4096 ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$hash = $this->crypt_private($password, $stored_hash);
|
||||
if ($hash[0] == '*')
|
||||
$hash = crypt($password, $stored_hash);
|
||||
|
||||
@@ -94,32 +94,3 @@ if ( !function_exists('json_decode') ) {
|
||||
return is_array($data) ? array_map(__FUNCTION__, $data) : $data;
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! function_exists( 'hash_equals' ) ) :
|
||||
/**
|
||||
* Compare two strings in constant time.
|
||||
*
|
||||
* This function was added in PHP 5.6.
|
||||
* It can leak the length of a string.
|
||||
*
|
||||
* @since 3.9.2
|
||||
*
|
||||
* @param string $a Expected string.
|
||||
* @param string $b Actual string.
|
||||
* @return bool Whether strings are equal.
|
||||
*/
|
||||
function hash_equals( $a, $b ) {
|
||||
$a_length = strlen( $a );
|
||||
if ( $a_length !== strlen( $b ) ) {
|
||||
return false;
|
||||
}
|
||||
$result = 0;
|
||||
|
||||
// Do not attempt to "optimize" this.
|
||||
for ( $i = 0; $i < $a_length; $i++ ) {
|
||||
$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
|
||||
}
|
||||
|
||||
return $result === 0;
|
||||
}
|
||||
endif;
|
||||
@@ -121,14 +121,7 @@ function wptexturize($text) {
|
||||
$no_texturize_tags_stack = array();
|
||||
$no_texturize_shortcodes_stack = array();
|
||||
|
||||
// Look for shortcodes and HTML elements.
|
||||
|
||||
$shortcode_regex =
|
||||
'\[' // Find start of shortcode.
|
||||
. '[^\[\]<>]++' // Shortcodes do not contain other shortcodes. Possessive critical.
|
||||
. '\]'; // Find end of shortcode.
|
||||
|
||||
$textarr = preg_split("/(<[^>]*>|$shortcode_regex)/s", $text, -1, PREG_SPLIT_DELIM_CAPTURE);
|
||||
$textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
|
||||
|
||||
foreach ( $textarr as &$curl ) {
|
||||
if ( empty( $curl ) )
|
||||
@@ -138,7 +131,7 @@ function wptexturize($text) {
|
||||
$first = $curl[0];
|
||||
if ( '<' === $first ) {
|
||||
_wptexturize_pushpop_element($curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>');
|
||||
} elseif ( '[' === $first && 1 === preg_match( '/^' . $shortcode_regex . '$/', $curl ) ) {
|
||||
} elseif ( '[' === $first ) {
|
||||
_wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']');
|
||||
} elseif ( empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack) ) {
|
||||
// This is not a tag, nor is the texturization disabled static strings
|
||||
@@ -179,8 +172,6 @@ function _wptexturize_pushpop_element($text, &$stack, $disabled_elements, $openi
|
||||
|
||||
array_push($stack, $matches[1]);
|
||||
}
|
||||
} elseif ( 0 == count( $stack ) ) {
|
||||
// Stack is empty. Just stop.
|
||||
} else {
|
||||
// Closing? Check $text+2 against disabled elements
|
||||
$c = preg_quote($closing, '/');
|
||||
|
||||
@@ -451,9 +451,8 @@ function send_origin_headers() {
|
||||
* @return mixed URL or false on failure.
|
||||
*/
|
||||
function wp_http_validate_url( $url ) {
|
||||
$original_url = $url;
|
||||
$url = wp_kses_bad_protocol( $url, array( 'http', 'https' ) );
|
||||
if ( ! $url || strtolower( $url ) !== strtolower( $original_url ) )
|
||||
if ( ! $url )
|
||||
return false;
|
||||
|
||||
$parsed_url = @parse_url( $url );
|
||||
@@ -463,7 +462,7 @@ function wp_http_validate_url( $url ) {
|
||||
if ( isset( $parsed_url['user'] ) || isset( $parsed_url['pass'] ) )
|
||||
return false;
|
||||
|
||||
if ( false !== strpbrk( $parsed_url['host'], ':#?[]' ) )
|
||||
if ( false !== strpos( $parsed_url['host'], ':' ) )
|
||||
return false;
|
||||
|
||||
$parsed_home = @parse_url( get_option( 'home' ) );
|
||||
@@ -481,7 +480,8 @@ function wp_http_validate_url( $url ) {
|
||||
}
|
||||
if ( $ip ) {
|
||||
$parts = array_map( 'intval', explode( '.', $ip ) );
|
||||
if ( 127 === $parts[0] || 10 === $parts[0]
|
||||
if ( '127.0.0.1' === $ip
|
||||
|| ( 10 === $parts[0] )
|
||||
|| ( 172 === $parts[0] && 16 <= $parts[1] && 31 >= $parts[1] )
|
||||
|| ( 192 === $parts[0] && 168 === $parts[1] )
|
||||
) {
|
||||
|
||||
@@ -1407,7 +1407,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
|
||||
$css = wp_kses_no_null($css);
|
||||
$css = str_replace(array("\n","\r","\t"), '', $css);
|
||||
|
||||
if ( preg_match( '%[\\\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
|
||||
if ( preg_match( '%[\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
|
||||
return '';
|
||||
|
||||
$css_array = explode( ';', trim( $css ) );
|
||||
|
||||
@@ -543,7 +543,7 @@ function wp_validate_auth_cookie($cookie = '', $scheme = '') {
|
||||
$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
|
||||
$hash = hash_hmac('md5', $username . '|' . $expiration, $key);
|
||||
|
||||
if ( ! hash_equals( $hash, $hmac ) ) {
|
||||
if ( hash_hmac( 'md5', $hmac, $key ) !== hash_hmac( 'md5', $hash, $key ) ) {
|
||||
do_action('auth_cookie_bad_hash', $cookie_elements);
|
||||
return false;
|
||||
}
|
||||
@@ -1342,17 +1342,11 @@ function wp_verify_nonce($nonce, $action = -1) {
|
||||
$i = wp_nonce_tick();
|
||||
|
||||
// Nonce generated 0-12 hours ago
|
||||
$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid, 'nonce'), -12, 10 );
|
||||
if ( hash_equals( $expected, $nonce ) ) {
|
||||
if ( substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10) === $nonce )
|
||||
return 1;
|
||||
}
|
||||
|
||||
// Nonce generated 12-24 hours ago
|
||||
$expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid, 'nonce' ), -12, 10 );
|
||||
if ( hash_equals( $expected, $nonce ) ) {
|
||||
if ( substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10) === $nonce )
|
||||
return 2;
|
||||
}
|
||||
|
||||
// Invalid nonce
|
||||
return false;
|
||||
}
|
||||
@@ -1375,7 +1369,7 @@ function wp_create_nonce($action = -1) {
|
||||
|
||||
$i = wp_nonce_tick();
|
||||
|
||||
return substr(wp_hash($i . '|' . $action . '|' . $uid, 'nonce'), -12, 10);
|
||||
return substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
|
||||
}
|
||||
endif;
|
||||
|
||||
@@ -1537,7 +1531,7 @@ function wp_check_password($password, $hash, $user_id = '') {
|
||||
|
||||
// If the hash is still md5...
|
||||
if ( strlen($hash) <= 32 ) {
|
||||
$check = hash_equals( $hash, md5( $password ) );
|
||||
$check = ( $hash == md5($password) );
|
||||
if ( $check && $user_id ) {
|
||||
// Rehash using new hash.
|
||||
wp_set_password($password, $user_id);
|
||||
@@ -1755,8 +1749,7 @@ function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) {
|
||||
$out = str_replace( '&', '&', esc_url( $out ) );
|
||||
$avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo' height='{$size}' width='{$size}' />";
|
||||
} else {
|
||||
$out = esc_url( $default );
|
||||
$avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
|
||||
$avatar = "<img alt='{$safe_alt}' src='{$default}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
|
||||
}
|
||||
|
||||
return apply_filters('get_avatar', $avatar, $id_or_email, $size, $default, $alt);
|
||||
@@ -1837,35 +1830,3 @@ function wp_text_diff( $left_string, $right_string, $args = null ) {
|
||||
}
|
||||
endif;
|
||||
|
||||
if ( ! function_exists( 'hash_equals' ) ) :
|
||||
/**
|
||||
* Compare two strings in constant time.
|
||||
*
|
||||
* This function is NOT pluggable. It is in this file (in addition to
|
||||
* compat.php) to prevent errors if, during an update, pluggable.php
|
||||
* copies over but compat.php does not.
|
||||
*
|
||||
* This function was added in PHP 5.6.
|
||||
* It can leak the length of a string.
|
||||
*
|
||||
* @since 3.9.2
|
||||
*
|
||||
* @param string $a Expected string.
|
||||
* @param string $b Actual string.
|
||||
* @return bool Whether strings are equal.
|
||||
*/
|
||||
function hash_equals( $a, $b ) {
|
||||
$a_length = strlen( $a );
|
||||
if ( $a_length !== strlen( $b ) ) {
|
||||
return false;
|
||||
}
|
||||
$result = 0;
|
||||
|
||||
// Do not attempt to "optimize" this.
|
||||
for ( $i = 0; $i < $a_length; $i++ ) {
|
||||
$result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );
|
||||
}
|
||||
|
||||
return $result === 0;
|
||||
}
|
||||
endif;
|
||||
|
||||
@@ -1409,9 +1409,6 @@ function wp_insert_user( $userdata ) {
|
||||
$data = wp_unslash( $data );
|
||||
|
||||
if ( $update ) {
|
||||
if ( $user_email !== $old_user_data->user_email ) {
|
||||
$data['user_activation_key'] = '';
|
||||
}
|
||||
$wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
|
||||
$user_id = (int) $ID;
|
||||
} else {
|
||||
|
||||
@@ -4,14 +4,14 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '3.8.5';
|
||||
$wp_version = '3.8.2';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
*
|
||||
* @global int $wp_db_version
|
||||
*/
|
||||
$wp_db_version = 26692;
|
||||
$wp_db_version = 26691;
|
||||
|
||||
/**
|
||||
* Holds the TinyMCE version
|
||||
|
||||
32
wp-login.php
32
wp-login.php
@@ -524,7 +524,7 @@ case 'retrievepassword' :
|
||||
|
||||
?>
|
||||
|
||||
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
|
||||
<form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
|
||||
<p>
|
||||
<label for="user_login" ><?php _e('Username or E-mail:') ?><br />
|
||||
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr($user_login); ?>" size="20" /></label>
|
||||
@@ -563,28 +563,10 @@ break;
|
||||
|
||||
case 'resetpass' :
|
||||
case 'rp' :
|
||||
list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
|
||||
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
|
||||
if ( isset( $_GET['key'] ) ) {
|
||||
$value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
|
||||
setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
|
||||
wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) );
|
||||
exit;
|
||||
}
|
||||
$user = check_password_reset_key($_GET['key'], $_GET['login']);
|
||||
|
||||
if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
|
||||
list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
|
||||
$user = check_password_reset_key( $rp_key, $rp_login );
|
||||
if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
|
||||
$user = false;
|
||||
}
|
||||
} else {
|
||||
$user = false;
|
||||
}
|
||||
|
||||
if ( ! $user || is_wp_error( $user ) ) {
|
||||
setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
|
||||
if ( $user && $user->get_error_code() === 'expired_key' )
|
||||
if ( is_wp_error($user) ) {
|
||||
if ( $user->get_error_code() === 'expired_key' )
|
||||
wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
|
||||
else
|
||||
wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
|
||||
@@ -608,7 +590,6 @@ case 'rp' :
|
||||
|
||||
if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
|
||||
reset_password($user, $_POST['pass1']);
|
||||
setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
|
||||
login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
|
||||
login_footer();
|
||||
exit;
|
||||
@@ -620,8 +601,8 @@ case 'rp' :
|
||||
login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
|
||||
|
||||
?>
|
||||
<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
|
||||
<input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" />
|
||||
<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off">
|
||||
<input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" />
|
||||
|
||||
<p>
|
||||
<label for="pass1"><?php _e('New password') ?><br />
|
||||
@@ -636,7 +617,6 @@ case 'rp' :
|
||||
<p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).'); ?></p>
|
||||
|
||||
<br class="clear" />
|
||||
<input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
|
||||
<p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e('Reset Password'); ?>" /></p>
|
||||
</form>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user