X-Git-Url: https://scripts.mit.edu/gitweb/autoinstallsdev/wordpress.git/blobdiff_plain/9e77185fafaf4e60e2b73821e0e4b9b1a11fb85f..874d2a2f468a0d1e69aab49b1fe2d9d79d3e1142:/wp-login.php?ds=sidebyside
diff --git a/wp-login.php b/wp-login.php
index b9dbd61e..5ab6fc67 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -571,6 +571,9 @@ case 'rp' :
 if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
 list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
 $user = check_password_reset_key( $rp_key, $rp_login );
+ if ( isset( $_POST['pass1'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
+ $user = false;
+ }
 } else {
 $user = false;
 }
@@ -640,6 +643,7 @@ case 'rp' :
 */
 do_action( 'resetpass_form', $user );
 ?>
+
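Review bot: In the first hunk, `$_POST['rp_key']` is passed to `hash_equals()` without checking that it is present and is a string. A request that posts `pass1` with no `rp_key`, or with `rp_key[]`, still fails closed, but it does so through an undefined-index notice and a type warning (a TypeError on PHP 8) rather than the intended `$user = false` path. I would make the rejection explicit, and unslash the posted value the same way the cookie value is: `if ( isset( $_POST['pass1'] ) && ( ! isset( $_POST['rp_key'] ) || ! is_string( $_POST['rp_key'] ) || ! hash_equals( $rp_key, wp_unslash( $_POST['rp_key'] ) ) ) ) {`. A short comment such as `// The key submitted with the form must match the key bound to the reset cookie.` would record why the extra comparison exists. The enclosing `case 'rp'` block starts and ends outside this hunk, so how `$user === false` is handled afterwards is not visible here.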