Topic: For those still using 2.7.1 · BuddyPress.org

Skip to:: Content; Pages; Categories; Search; Top; Bottom

For those still using 2.7.1

Jason Giedymin
Participant

@jason_jm

15 years, 2 months ago

Make sure to patch your version manually.

wp-login.php: is_string() used in this code versus empty().

185 function reset_password($key, $login) { 186 global $wpdb, $current_site; 187 188 $key = preg_replace('/[^a-z0-9]/i', '', $key); 189 190 if ( empty( $key ) || !is_string( $key ) ) 191 return new WP_Error('invalid_key', __('Invalid key')); 192 193 if ( empty($login) || !is_string($login) ) 194 return new WP_Error('invalid_key', __('Invalid key'));

Slashdot:

http://it.slashdot.org/story/09/08/12/1353211/WordPress-Exploit-Allows-Admin-Password-Reset

Online downloads of both regular and mu contain the fix.

WP: http://wordpress.org/download/

WPMU: http://mu.wordpress.org/download/

Viewing 3 replies - 1 through 3 (of 3 total)

Jason Giedymin
Participant

@jason_jm

15 years, 2 months ago

Again, this is for those that are staying with 2.7.1 MU and I know your out there

r-a-y
Keymaster

@r-a-y

15 years, 2 months ago

Thanks Jason!

stefk
Participant

@stefk

15 years, 2 months ago

What would this be for? I use 2.7.1 mu?

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘For those still using 2.7.1’ is closed to new replies.