diff --git a/992540-80.patch b/992540-88.patch
index 060b2e6..d8c178f 100644
--- a/992540-80.patch
+++ b/992540-88.patch
@@ -1,8 +1,26 @@
 diff --git a/core/modules/user/src/Controller/UserController.php b/core/modules/user/src/Controller/UserController.php
-index 779cf90..9f484b1 100644
+index 779cf90..fbd3e1c 100644
 --- a/core/modules/user/src/Controller/UserController.php
 +++ b/core/modules/user/src/Controller/UserController.php
-@@ -222,6 +222,20 @@ public function resetPassLogin($uid, $timestamp, $hash) {
+@@ -186,6 +186,8 @@ public function getResetPassForm(Request $request, $uid) {
+ /**
+ * Validates user, hash, and timestamp; logs the user in if correct.
+ *
++ * @param \Symfony\Component\HttpFoundation\Request $request
++ * The request.
+ * @param int $uid
+ * User ID of the user requesting reset.
+ * @param int $timestamp
+@@ -201,7 +203,7 @@ public function getResetPassForm(Request $request, $uid) {
+ * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
+ * If $uid is for a blocked user or invalid user ID.
+ */
+- public function resetPassLogin($uid, $timestamp, $hash) {
++ public function resetPassLogin(Request $request, $uid, $timestamp, $hash) {
+ // The current user is not logged in, so check the parameters.
+ $current = REQUEST_TIME;
+ /** @var \Drupal\user\UserInterface $user */
+@@ -222,6 +224,20 @@ public function resetPassLogin($uid, $timestamp, $hash) {
 return $this->redirect('user.pass');
 }
 elseif ($user->isAuthenticated() && ($timestamp >= $user->getLastLoginTime()) && ($timestamp <= $current) && Crypt::hashEquals($hash, user_pass_rehash($user, $timestamp))) {
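Review bot: Placing `Request $request` first in `resetPassLogin()` changes the positional signature of a public controller method, so a subclass override or a direct call written as `resetPassLogin($uid, $timestamp, $hash)` would no longer match. Routing is presumably unaffected if controller arguments are resolved by name and type, but no caller is visible in this hunk, so that should be confirmed. If direct callers exist, note the change in the issue's change record or keep the old call shape working. The method body continues outside the hunk.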
@@ -16,7 +34,7 @@ index 779cf90..9f484b1 100644
 + // The default identifier is a combination of uid and IP address. This
 + // is less secure but more resistant to denial-of-service attacks that
 + // could lock out all users with public user names.
-+ $identifier = $user->id() . '-' . \Drupal::request()->getClientIP();
++ $identifier = $user->id() . '-' . $request->getClientIP();
 + }
 + \Drupal::flood()->clear('user.failed_login_ip');
 + \Drupal::flood()->clear('user.failed_login_user', $identifier);
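Review bot: The unchanged line `\Drupal::flood()->clear('user.failed_login_ip');` resets the per-IP failed-login counter whenever a valid reset link is used, which is broader than lifting the lockout for the one account being recovered. If `clear()` without an identifier falls back to the requesting client's IP, as I believe FloodInterface documents, then completing a reset for one account also zeroes the throttle that protects every other account against failed logins from that address. Consider dropping that line and keeping only `\Drupal::flood()->clear('user.failed_login_user', $identifier);`. Now that the request is injected, the flood service could be injected as well instead of calling `\Drupal::flood()`. The value from `$request->getClientIP()` is only as reliable as the site's reverse-proxy configuration. The enclosing branch starts outside this hunk.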