Ticket #38744: 38744-fixes.3.diff.patch
File 38744-fixes.3.diff.patch, 3.4 KB (added by , 6 years ago) |
---|
-
src/wp-admin/includes/user.php
41 41 } 42 42 43 43 if ( ! $update && isset( $_POST['user_login'] ) ) { 44 $user->user_login = sanitize_user( $_POST['user_login'], true );44 $user->user_login = sanitize_user( wp_unslash( $_POST['user_login'] ), true ); 45 45 } 46 46 47 47 $pass1 = $pass2 = ''; -
src/wp-includes/user.php
35 35 $credentials = array(); // Back-compat for plugins passing an empty string. 36 36 37 37 if ( ! empty( $_POST['log'] ) ) { 38 $credentials['user_login'] = $_POST['log'];38 $credentials['user_login'] = wp_unslash( $_POST['log'] ); 39 39 } 40 40 if ( ! empty( $_POST['pwd'] ) ) { 41 41 $credentials['user_password'] = $_POST['pwd']; -
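Review bot: After this change `$credentials['user_login']` is unslashed, while `$credentials['user_password']` on line 41 is still read straight from `$_POST['pwd']`, and nothing in the hunk says whether that asymmetry is intended. If the password is deliberately left slashed so that existing hashes keep matching (an assumption, since the hashing code is not in view), record that above line 41 with a comment such as `// Intentionally not unslashed: existing password hashes were computed from the slashed value.` Without it, a later clean-up could unslash the password for consistency and break logins for passwords containing quotes or backslashes. The enclosing function starts and ends outside the hunk.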
src/wp-login.php
805 805 806 806 if ( $http_post ) { 807 807 if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) { 808 $user_login = $_POST['user_login'];808 $user_login = wp_unslash( $_POST['user_login'] ); 809 809 } 810 810 811 811 if ( isset( $_POST['user_email'] ) && is_string( $_POST['user_email'] ) ) { … … 913 913 914 914 // If the user wants SSL but the session is not SSL, force a secure cookie. 915 915 if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) { 916 $user_name = sanitize_user( $_POST['log']);916 $user_name = sanitize_user( wp_unslash( $_POST['log'] )); 917 917 $user = get_user_by( 'login', $user_name ); 918 918 919 919 if ( ! $user && strpos( $user_name, '@' ) ) { -
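Review bot: The secure-cookie branch at line 916 passes `$_POST['log']` through `wp_unslash()` and `sanitize_user()` without the `is_string()` check that the registration branch at line 807 applies. `wp_unslash()` also accepts arrays, so a non-string `log` value would be handed on to `sanitize_user()`. The condition on line 915 could guard against that: `if ( ! empty( $_POST['log'] ) && is_string( $_POST['log'] ) && ! force_ssl_admin() ) {`. As a style point, the new line closes with `] ));` where the surrounding code uses `) );`. Both branches continue outside the visible hunks.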
tests/phpunit/tests/user.php
34 34 ) 35 35 ); 36 36 37 self::$user_ids[] = $factory->user->create( 38 array( 39 'user_login' => "testemailaddress'@test.com", 40 'user_nicename' => 'user_email_with_apostrophe', 41 'user_pass' => 'password', 42 'first_name' => 'John', 43 'last_name' => 'Doe', 44 'display_name' => 'John Doe', 45 'user_email' => "testemailaddress'@test.com", 46 'user_url' => 'http://tacos.com', 47 'role' => 'contributor', 48 'nickname' => 'Johnny', 49 'description' => 'I am a WordPress user that cares about privacy.', 50 ) 51 ); 52 37 53 self::$user_ids[] = self::$author_id = $factory->user->create( 38 54 array( 39 55 'user_login' => 'author_login', … … 60 76 $this->author = clone self::$_author; 61 77 } 62 78 79 public function test_that_you_can_login_with_an_email_that_has_apostrophe(){ 80 81 //create the user with an email that has an apostrophe (see test setup) 82 83 //login as the user 84 $credentials = [ 85 'user_login' => "testemailaddress'@test.com", 86 'user_password' => 'password' 87 ]; 88 89 //attempt to login 90 $user = wp_signon($credentials); 91 92 //assert that login was successfull 93 //if the login fails, an instance of WP_Error is returned rather than User object 94 $this->assertNotWPError($user); 95 } 96 63 97 function test_get_users_of_blog() { 64 98 // add one of each user role 65 99 $nusers = array(
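Review bot: The new test at line 79 passes `$credentials` directly to `wp_signon()`, so it does not appear to reach the `$_POST['log']` branch that this patch changes in `src/wp-includes/user.php`. It would likely pass with or without the `wp_unslash()` fix. To cover the regression, populate `$_POST` with a slashed login, call `wp_signon()` with no arguments, and clean the superglobal up afterwards, as sketched below. The test body also departs from the file's style (`[]` instead of `array()`, no spaces inside parentheses, and "successfull" in a comment). The fixture at line 37 additionally sets `user_login` to a value containing an apostrophe; it is worth confirming what login is actually stored after sanitisation, so the test's name matches what it exercises.

```php
public function test_that_you_can_login_with_an_email_that_has_apostrophe() {
	// Simulate the slashed superglobal so the wp_unslash() call in wp_signon() is exercised.
	$_POST['log'] = wp_slash( "testemailaddress'@test.com" );
	$_POST['pwd'] = 'password';

	$user = wp_signon();

	unset( $_POST['log'], $_POST['pwd'] );

	// A failed login returns a WP_Error rather than a user object.
	$this->assertNotWPError( $user );
}
```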