WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't pass around the password reset key. 

Merges [29327] and [29381] to the 3.9 branch.

props mdawaffe.
fixes #29060.

Built from https://develop.svn.wordpress.org/branches/3.9@29394


git-svn-id: http://core.svn.wordpress.org/branches/3.9@29172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Nacin 2014-08-06 06:37:15 +00:00
parent b86cd8511b
commit ac2d674473
1 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
wp-login.php
View File

@ -562,10 +562,25 @@ break;
case 'resetpass' : case 'resetpass' :
case 'rp' : case 'rp' :
$user = check_password_reset_key($_GET['key'], $_GET['login']); list( $rp_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
if ( isset( $_GET['key'] ) ) {
$value = sprintf( '%s:%s', wp_unslash( $_GET['login'] ), wp_unslash( $_GET['key'] ) );
setcookie( $rp_cookie, $value, 0, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
wp_safe_redirect( remove_query_arg( array( 'key', 'login' ) ) );
exit;
}
if ( is_wp_error($user) ) { if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
if ( $user->get_error_code() === 'expired_key' ) list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
$user = check_password_reset_key( $rp_key, $rp_login );
} else {
$user = false;
}
if ( ! $user || is_wp_error( $user ) ) {
setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
if ( $user && $user->get_error_code() === 'expired_key' )
wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) ); wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=expiredkey' ) );
else else
wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) ); wp_redirect( site_url( 'wp-login.php?action=lostpassword&error=invalidkey' ) );
@ -589,6 +604,7 @@ case 'rp' :
if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) { if ( ( ! $errors->get_error_code() ) && isset( $_POST['pass1'] ) && !empty( $_POST['pass1'] ) ) {
reset_password($user, $_POST['pass1']); reset_password($user, $_POST['pass1']);
setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' ); login_header( __( 'Password Reset' ), '<p class="message reset-pass">' . __( 'Your password has been reset.' ) . ' <a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log in' ) . '</a></p>' );
login_footer(); login_footer();
exit; exit;
@ -600,8 +616,8 @@ case 'rp' :
login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors ); login_header(__('Reset Password'), '<p class="message reset-pass">' . __('Enter your new password below.') . '</p>', $errors );
?> ?>
<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass&key=' . urlencode( $_GET['key'] ) . '&login=' . urlencode( $_GET['login'] ), 'login_post' ) ); ?>" method="post" autocomplete="off"> <form name="resetpassform" id="resetpassform" action="<?php echo esc_url( site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
<input type="hidden" id="user_login" value="<?php echo esc_attr( $_GET['login'] ); ?>" autocomplete="off" /> <input type="hidden" id="user_login" value="<?php echo esc_attr( $rp_login ); ?>" autocomplete="off" />
<p> <p>
<label for="pass1"><?php _e('New password') ?><br /> <label for="pass1"><?php _e('New password') ?><br />