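--- a/src/wp-admin/includes/user.php
+++ b/src/wp-admin/includes/user.php
@@ -63,7 +63,7 @@ function edit_user( $user_id = 0 ) {
 }
 
 if ( isset( $_POST['email'] ))
-$user->user_email = sanitize_text_field( $_POST['email'] );
+$user->user_email = sanitize_text_field( stripslashes( $_POST['email'] ) );
 if ( isset( $_POST['url'] ) ) {
 if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
 $user->user_url = '';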
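Review bot: The new line at new 66 is the body of a brace-less `if` while the sibling `if ( isset( $_POST['url'] ) )` directly below uses braces; for consistency, and so the unslash-then-sanitize step is easy to extend, write `if ( isset( $_POST['email'] ) ) {` / `$user->user_email = sanitize_text_field( stripslashes( $_POST['email'] ) );` / `}`. Note also that sanitize_text_field() only strips tags and trims whitespace, it does not check that the value is an address; presumably edit_user() validates it with is_email() further down, but that is outside this hunk and should not be assumed from this line. edit_user() begins and ends outside the hunk.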
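--- a/src/wp-admin/network/user-new.php
+++ b/src/wp-admin/network/user-new.php
@@ -38,14 +38,14 @@ if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
 if ( ! is_array( $_POST['user'] ) )
 wp_die( __( 'Cannot create an empty user.' ) );
 
-$user = $_POST['user'];
+$user = stripslashes_deep( $_POST['user'] );
 
 $user_details = wpmu_validate_user_signup( $user['username'], $user['email'] );
 if ( is_wp_error( $user_details[ 'errors' ] ) && ! empty( $user_details[ 'errors' ]->errors ) ) {
 $add_user_errors = $user_details[ 'errors' ];
 } else {
 $password = wp_generate_password( 12, false);
-$user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) );
+$user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_email( $user['email'] ) );
 
 if ( ! $user_id ) {
 $add_user_errors = new WP_Error( 'add_user_fail', __( 'Cannot add user.' ) );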
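Review bot: `esc_email()` at new 48 is an output-escaping function, yet its result is what wpmu_create_user() persists as the account's address; an address whose local part contains `&` would be stored as `&amp;` (assuming wpmu_validate_user_signup() lets such characters through, which is not visible here), and the same escaping-on-input concern applies to the pre-existing `esc_html()` around the username. The stored value should be sanitized and escaping left to the output side, e.g. `sanitize_email( $user['email'] )` in place of `esc_email( $user['email'] )`. The move to `stripslashes_deep()` at new 41 is right since `$_POST['user']` is an array here. The enclosing `if ( 'add-user' == $_REQUEST['action'] )` block begins and ends outside the hunk.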
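--- a/src/wp-admin/user-new.php
+++ b/src/wp-admin/user-new.php
@@ -41,11 +41,12 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
 check_admin_referer( 'add-user', '_wpnonce_add-user' );
 
 $user_details = null;
-if ( false !== strpos($_REQUEST[ 'email' ], '@') ) {
-$user_details = get_user_by('email', $_REQUEST[ 'email' ]);
+$user_email = stripslashes( $_REQUEST['email'] );
+if ( false !== strpos( $user_email, '@' ) ) {
+$user_details = get_user_by( 'email', $user_email );
 } else {
 if ( is_super_admin() ) {
-$user_details = get_user_by('login', $_REQUEST[ 'email' ]);
+$user_details = get_user_by( 'login', $user_email );
 } else {
 wp_redirect( add_query_arg( array('update' => 'enter_email'), 'user-new.php' ) );
 die();
@@ -112,7 +113,8 @@ Please click the following link to confirm the invite:
 }
 } else {
 // Adding a new user to this site
-$user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] );
+$new_user_email = stripslashes( $_REQUEST['email'] );
+$user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $new_user_email );
 if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
 $add_user_errors = $user_details[ 'errors' ];
 } else {
@@ -127,9 +129,9 @@ Please click the following link to confirm the invite:
 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
 add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
 }
-wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );
+wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );
 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
-$key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST[ 'email' ] ) );
+$key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );
 wpmu_activate_signup( $key );
 $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
 } else {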
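Review bot: In the second hunk (new 116-117) only the email is unslashed before wpmu_validate_user_signup(), while `$_REQUEST['user_login']` on the same call, and `$_REQUEST['role']` at new 132 in the third hunk, are still passed raw; if the point of this commit is that WordPress's added slashes must be removed from form input before it is validated or stored, the login deserves the same treatment, e.g. `$new_user_login = stripslashes( $_REQUEST['user_login'] );` ahead of the call (where the `$new_user_login` used at new 132 comes from is not visible in these hunks). Both new `stripslashes( $_REQUEST['email'] )` lines (new 44 and new 116) also read the key without an `isset` guard, so a request lacking the field raises a notice before reaching the `enter_email` redirect; `$user_email = isset( $_REQUEST['email'] ) ? stripslashes( $_REQUEST['email'] ) : '';` keeps the later branches intact. The enclosing `if ( 'adduser' == $_REQUEST['action'] )` block begins and ends outside these hunks.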
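--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -2749,6 +2749,31 @@ function esc_textarea( $text ) {
 }
 
 /**
+* Escape an email address
+*
+* This works just like esc_html(), except that single quotes are permitted
+*
+* @since 3.7.0
+*
+* @param string $email The email address to be escaped
+* @return string The escaped email
+*/
+function esc_email( $email ) {
+$safe_email = wp_check_invalid_utf8( $email );
+$safe_email = _wp_specialchars( $safe_email, ENT_COMPAT );
+
+/**
+* Filter an escaped email address.
+*
+* @since 3.7.0
+*
+* @param string $safe_email The email, as escaped by esc_email().
+* @param string $email The raw email, as passed to esc_email().
+*/
+return apply_filters( 'esc_email', $safe_email, $email );
+}
+
+/**
 * Escape an HTML tag name.
 *
 * @since 2.5.0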
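Review bot: The docblock at new 2752-2755 states the mechanism (single quotes permitted) but not the consequence a caller must know: because `_wp_specialchars( $safe_email, ENT_COMPAT )` at new 2763 leaves `'` untouched, the result is safe in HTML text and in double-quoted attribute values but not inside single-quoted attributes, and the function performs no validation of the address. I would extend the return documentation to `@return string The escaped email, safe for HTML text and double-quoted attribute values; not safe in single-quoted attributes, and not a validity check (use is_email() for that).` A one-line example in the description showing that `"` becomes `&quot;` would make the ENT_COMPAT choice explicit for readers who only know esc_html().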
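--- /dev/null
+++ b/tests/phpunit/tests/formatting/EscEmail.php
@@ -0,0 +1,11 @@
+<?php
+
+/**
+* @group formatting
+*/
+class Tests_Formatting_EscEmail extends WP_UnitTestCase {
+function test_esc_email_allows_apostrophes() {
+$email = "foo'bar@baz.com";
+$this->assertEquals( esc_email( $email ), $email );
+}
+}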
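Review bot: The assertion at new 9 has its arguments reversed — PHPUnit's assertEquals takes the expected value first, so a failure would report expected and actual swapped: `$this->assertEquals( $email, esc_email( $email ) );`. The class also only covers the pass-through case; one assertion showing what esc_email() does change would pin the ENT_COMPAT behaviour the function relies on, e.g. `$this->assertEquals( '&quot;foo&quot;@baz.com', esc_email( '"foo"@baz.com' ) );`.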