WordPress.org

Make WordPress Core

Ticket #24367: 24367.2.patch

File 24367.2.patch, 1.1 KB (added by SergeyBiryukov, 5 years ago)
  • wp-admin/includes/user.php

     
    124124        }
    125125
    126126        /* Check for "\" in password */
    127         if ( false !== strpos( stripslashes($pass1), "\\" ) )
     127        if ( false !== strpos( $pass1, "\\" ) )
    128128                $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
    129129
    130130        /* checking the password has been typed twice the same */
  • wp-includes/user.php

     
    2727                if ( ! empty($_POST['log']) )
    2828                        $credentials['user_login'] = $_POST['log'];
    2929                if ( ! empty($_POST['pwd']) )
    30                         $credentials['user_password'] = $_POST['pwd'];
     30                        $credentials['user_password'] = wp_unslash( $_POST['pwd'] );
    3131                if ( ! empty($_POST['rememberme']) )
    3232                        $credentials['remember'] = $_POST['rememberme'];
    3333        }