$redirect_to = 'wp-login.php';
if ( isset($_REQUEST['redirect_to']) )
- $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_REQUEST['redirect_to']);
+ $redirect_to = $_REQUEST['redirect_to'];
wp_redirect($redirect_to);
exit();
case 'resetpass' :
// Generate something random for a password... md5'ing current time with a rand salt
- $key = preg_replace('/a-z0-9/i', '', $_GET['key']);
+ $key = preg_replace('/[^a-z0-9]/i', '', $_GET['key']);
if ( empty($key) )
die( __('Sorry, that key does not appear to be valid.') );
$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
$user_login = '';
$user_pass = '';
$using_cookie = false;
- if ( !isset( $_REQUEST['redirect_to'] ) )
+ if ( !isset( $_REQUEST['redirect_to'] ) || is_user_logged_in() )
$redirect_to = 'wp-admin/';
else
$redirect_to = $_REQUEST['redirect_to'];
- $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $redirect_to);
if( $_POST ) {
$user_login = $_POST['log'];
$user_login = sanitize_user( $user_login );
$user_pass = $_POST['pwd'];
$rememberme = $_POST['rememberme'];
- } elseif ( !empty($_COOKIE) ) {
- if ( !empty($_COOKIE[USER_COOKIE]) )
- $user_login = $_COOKIE[USER_COOKIE];
- if ( !empty($_COOKIE[PASS_COOKIE]) ) {
- $user_pass = $_COOKIE[PASS_COOKIE];
+ } else {
+ $cookie_login = wp_get_cookie_login();
+ if ( ! empty($cookie_login) ) {
$using_cookie = true;
+ $user_login = $cookie_login['login'];
+ $user_pass = $cookie_login['password'];
}
}
if ( $using_cookie )
$error = __('Your session has expired.');
}
+ } else if ( $user_login || $user_pass ) {
+ $error = __('<strong>Error</strong>: The password field is empty.');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
?>
<form name="loginform" id="loginform" action="wp-login.php" method="post">
-<p><label><?php _e('Username:') ?><br /><input type="text" name="log" id="log" value="<?php echo wp_specialchars(stripslashes($user_login), 1); ?>" size="20" tabindex="1" /></label></p>
+<p><label><?php _e('Username:') ?><br /><input type="text" name="log" id="log" value="<?php echo attribute_escape(stripslashes($user_login)); ?>" size="20" tabindex="1" /></label></p>
<p><label><?php _e('Password:') ?><br /> <input type="password" name="pwd" id="pwd" value="" size="20" tabindex="2" /></label></p>
<p>
<label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="3" />
<?php _e('Remember me'); ?></label></p>
<p class="submit">
<input type="submit" name="submit" id="submit" value="<?php _e('Login'); ?> »" tabindex="4" />
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
+ <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" />
</p>
</form>
<ul>