diff options
author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-04-24 11:45:39 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-04-24 11:45:39 +0000 |
commit | cf9f85dc8121a359d550ffa3b735fb48859eee88 (patch) | |
tree | 9f90be15fc46163f5656f019f2a2866414b7c9f2 /wp-login.php | |
parent | f10f9f5b05e23ce4c07479b094bd3ff4bbfd86d0 (diff) | |
download | wordpress-mu-cf9f85dc8121a359d550ffa3b735fb48859eee88.tar.gz wordpress-mu-cf9f85dc8121a359d550ffa3b735fb48859eee88.tar.xz wordpress-mu-cf9f85dc8121a359d550ffa3b735fb48859eee88.zip |
Merged with WP 2.5, revision 7806
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1260 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-login.php')
-rw-r--r-- | wp-login.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/wp-login.php b/wp-login.php index 4de102a..6222791 100644 --- a/wp-login.php +++ b/wp-login.php @@ -90,13 +90,13 @@ function retrieve_password() { do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); - $key = $wpdb->get_var("SELECT user_activation_key FROM $wpdb->users WHERE user_login = '$user_login'"); + $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); if ( empty($key) ) { // Generate something random for a key... $key = wp_generate_password(); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db - $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'"); + $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login)); } $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; $message .= get_option('siteurl') . "\r\n\r\n"; @@ -118,7 +118,7 @@ function reset_password($key) { if ( empty( $key ) ) return new WP_Error('invalid_key', __('Invalid key')); - $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'"); + $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key)); if ( empty( $user ) ) return new WP_Error('invalid_key', __('Invalid key')); |