WordPress.org

Make WordPress Core

Ticket #36322: 36322.01.patch

File 36322.01.patch, 677 bytes (added by dcavins, 6 years ago)

Un-slash posted email addresses before attempting get_user_by.

  • src/wp-login.php

    diff --git src/wp-login.php src/wp-login.php
    index ed3878c..7832e2e 100644
    function retrieve_password() { 
    286286        if ( empty( $_POST['user_login'] ) ) {
    287287                $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or email address.'));
    288288        } elseif ( strpos( $_POST['user_login'], '@' ) ) {
    289                 $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );
     289                $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
    290290                if ( empty( $user_data ) )
    291291                        $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
    292292        } else {