<body>
<h1 id="logo" style="text-align: center">
<img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
- <br /> Version 2.8.3
+ <br /> Version 2.8.4
</h1>
<p style="text-align: center">Semantic Personal Publishing Platform</p>
<h1>Upgrading</h1>
<p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.8.3:</h2>
+<h2>Upgrading from any previous WordPress to 2.8.4:</h2>
<ol>
<li>Delete your old WP files, saving ones you've modified.</li>
<li>Upload the new files.</li>
$message .= get_option('siteurl') . "\r\n\r\n";
$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
- $message .= site_url("wp-login.php?action=rp&key=$key", 'login') . "\r\n";
+ $message .= site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";
$title = sprintf(__('[%s] Password Reset'), get_option('blogname'));
* @param string $key Hash to validate sending user's password
* @return bool|WP_Error
*/
-function reset_password($key) {
+function reset_password($key, $login) {
global $wpdb;
$key = preg_replace('/[^a-z0-9]/i', '', $key);
- if ( empty( $key ) )
+ if ( empty( $key ) || !is_string( $key ) )
return new WP_Error('invalid_key', __('Invalid key'));
- $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
+ if ( empty($login) || !is_string($login) )
+ return new WP_Error('invalid_key', __('Invalid key'));
+
+ $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s AND user_login = %s", $key, $login));
if ( empty( $user ) )
return new WP_Error('invalid_key', __('Invalid key'));
case 'resetpass' :
case 'rp' :
- $errors = reset_password($_GET['key']);
+ $errors = reset_password($_GET['key'], $_GET['login']);
if ( ! is_wp_error($errors) ) {
wp_redirect('wp-login.php?checkemail=newpass');