WordPress.org

Make WordPress Core

Ticket #24367: 24367.2.patch

File 24367.2.patch, 1.1 KB (added by SergeyBiryukov, 2 years ago)
  • wp-admin/includes/user.php

     
    124124        } 
    125125 
    126126        /* Check for "\" in password */ 
    127         if ( false !== strpos( stripslashes($pass1), "\\" ) ) 
     127        if ( false !== strpos( $pass1, "\\" ) ) 
    128128                $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) ); 
    129129 
    130130        /* checking the password has been typed twice the same */ 
  • wp-includes/user.php

     
    2727                if ( ! empty($_POST['log']) ) 
    2828                        $credentials['user_login'] = $_POST['log']; 
    2929                if ( ! empty($_POST['pwd']) ) 
    30                         $credentials['user_password'] = $_POST['pwd']; 
     30                        $credentials['user_password'] = wp_unslash( $_POST['pwd'] ); 
    3131                if ( ! empty($_POST['rememberme']) ) 
    3232                        $credentials['remember'] = $_POST['rememberme']; 
    3333        }