From 2c4aadf49f09db10875792692e94b165d6513e63 Mon Sep 17 00:00:00 2001
From: westi <westi@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Mon, 14 Dec 2009 22:09:54 +0000
Subject: [PATCH] Fix some more html encoding in email subject issues. Fixes
 #9913.

git-svn-id: http://svn.automattic.com/wordpress/trunk@12398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/pluggable.php |  5 ++++-
 wp-login.php              | 12 ++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 85bac11c2..fe6bbd704 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1136,7 +1136,10 @@ function wp_password_change_notification(&$user) {
 	// but check to see if it's the admin whose password we're changing, and skip this
 	if ( $user->user_email != get_option('admin_email') ) {
 		$message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
-		wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), @html_entity_decode(get_option('blogname'), ENT_QUOTES, get_option('blog_charset'))), $message);
+		// The blogname option is escaped with esc_html on the way into the database in sanitize_option
+		// we want to reverse this for the plain text arena of emails.
+		$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
+		wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), $blogname), $message);
 	}
 }
 endif;
diff --git a/wp-login.php b/wp-login.php
index 44a17604e..a20e6ffec 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -167,7 +167,11 @@ function retrieve_password() {
 	$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
 	$message .= site_url("wp-login.php?action=rp&key=$key&login=" . rawurlencode($user_login), 'login') . "\r\n";
 
-	$title = sprintf(__('[%s] Password Reset'), get_option('blogname'));
+	// The blogname option is escaped with esc_html on the way into the database in sanitize_option
+	// we want to reverse this for the plain text arena of emails.
+	$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
+
+	$title = sprintf(__('[%s] Password Reset'), $blogname);
 
 	$title = apply_filters('retrieve_password_title', $title);
 	$message = apply_filters('retrieve_password_message', $message, $key);
@@ -212,7 +216,11 @@ function reset_password($key, $login) {
 	$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
 	$message .= site_url('wp-login.php', 'login') . "\r\n";
 
-	$title = sprintf(__('[%s] Your new password'), get_option('blogname'));
+	// The blogname option is escaped with esc_html on the way into the database in sanitize_option
+	// we want to reverse this for the plain text arena of emails.
+	$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
+
+	$title = sprintf(__('[%s] Your new password'), $blogname);
 
 	$title = apply_filters('password_reset_title', $title);
 	$message = apply_filters('password_reset_message', $message, $new_pass);