Juha-Matti pointed out multple reports on a vulnerability in the widely used wordpress blog software that supposedly allows lets remote users reset the administrative password. They all lead to an original post on a full disclosure mailing list.
Basically you just need to change line 190 in wp-login.php from if ( empty( $key )
to if ( empty( $key ) || is_array( $key ) )
If line 190 in wp-login.php doesn’t match the example, you should update Word Press.
I’ve already done it here and everything still works. I also tried it on a version of Word Press that isn’t the latest version. I had to search for the string that needed changing because it’s not on line 190 in the older version. I updated the info and everything is working there too.
Seeing how I’m now running Word Press, it only makes sense that I would tell you about Word Press TV. If you are running Word Press, or are just thinking about using it, you owe it to yourself to give this site a look.
Even though it’s only been up for maybe 2 months, there’s a lot of great content. There’s plenty of How-To videos, for beginners to advanced users. There’s videos about administration, set-up, widgets, publishing, media, plugins, themes, custom design, and more. There is also a section of videos from Word Camp.
I wanted to write about Word Press TV when it first went live, but I haven’t actully spent any amount of time on it, untill recently. Most of them are using vimeo to host their videos, so the quality is execlent. Theses aren’t some junky, pixalated Youtube videos. They are high quality and when I viewed them with HD turned on, the screen captures of in the how-to videos was perfect and crisp and easy to read the all the text in the videos. Even when not in full screen or HD you can read them easily. If only everyone made instructional videos at this quality. Check out the example below.
Getting set up with the WP e-Commerce plugin: settings and configuration
