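--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -13,7 +13,8 @@ require __DIR__ . '/wp-load.php';
 
 // Redirect to HTTPS login if forced to use SSL.
 if ( force_ssl_admin() && ! is_ssl() ) {
-if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
+if ( ( isset( $_SERVER['REQUEST_URI'] ) && !empty( $_SERVER['REQUEST_URI'] ) )
+&& str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
 wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
 exit;
 } else {
@@ -90,7 +91,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = null ) {
 <html <?php language_attributes(); ?>>
 <head>
 <meta http-equiv="Content-Type" content="<?php bloginfo( 'html_type' ); ?>; charset=<?php bloginfo( 'charset' ); ?>" />
-<title><?php echo $login_title; ?></title>
+<title><?php echo esc_html( $login_title ); ?></title>
 <?php
 
 wp_enqueue_style( 'login' );
@@ -206,7 +207,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = null ) {
 
 ?>
 <div id="login">
-<h1><a href="<?php echo esc_url( $login_header_url ); ?>"><?php echo $login_header_text; ?></a></h1>
+<h1><a href="<?php echo esc_url( $login_header_url ); ?>"><?php echo esc_html( $login_header_text ); ?></a></h1>
 <?php
 /**
 * Filters the message to display above the login form.
@@ -218,7 +219,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = null ) {
 $message = apply_filters( 'login_message', $message );
 
 if ( ! empty( $message ) ) {
-echo $message . "\n";
+echo esc_html( $message ) . "\n";
 }
 
 // In case a plugin uses $error rather than the $wp_errors object.
@@ -335,7 +336,7 @@ function login_footer( $input_id = '' ) {
 <span class="screen-reader-text">
 <?php
 /* translators: Hidden accessibility text. */
-_e( 'Language' );
+esc_html_e( 'Language' );
 ?>
 </span>
 </label>
@@ -367,7 +368,7 @@ function login_footer( $input_id = '' ) {
 <?php } ?>
 
 <?php if ( isset( $_GET['redirect_to'] ) && '' !== $_GET['redirect_to'] ) { ?>
-<input type="hidden" name="redirect_to" value="<?php echo sanitize_url( $_GET['redirect_to'] ); ?>" />
+<input type="hidden" name="redirect_to" value="<?php echo esc_attr( sanitize_url( $_GET['redirect_to'] ) ); ?>" />
 <?php } ?>
 
 <?php if ( isset( $_GET['action'] ) && '' !== $_GET['action'] ) { ?>
@@ -538,6 +539,15 @@ $interim_login = isset( $_REQUEST['interim-login'] );
 */
 $login_link_separator = apply_filters( 'login_link_separator', ' | ' );
 
+// Assign filterable labels for form controls.
+$defaults = array(
+'label_username' => __( 'Username or Email Address' ),
+'label_password' => __( 'Password' ),
+'label_remember' => __( 'Remember Me' ),
+'label_log_in' => __( 'Log In' ),
+);
+$labels = apply_filters( 'login_form_defaults', $defaults );
+
 switch ( $action ) {
 
 case 'confirm_admin_email':
@@ -841,7 +851,7 @@ switch ( $action ) {
 
 <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
 <p>
-<label for="user_login"><?php _e( 'Username or Email Address' ); ?></label>
+<label for="user_login"><?php echo esc_html( $labels['label_username'] ); ?></label>
 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
 </p>
 <?php
@@ -1088,7 +1098,7 @@ switch ( $action ) {
 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( wp_unslash( $user_login ) ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
 </p>
 <p>
-<label for="user_email"><?php _e( 'Email' ); ?></label>
+<label for="user_email"><?php _e( 'Email Address' ); ?></label>
 <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" autocomplete="email" required="required" />
 </p>
 <?php
@@ -1424,14 +1434,14 @@ switch ( $action ) {
 
 <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
 <p>
-<label for="user_login"><?php _e( 'Username or Email Address' ); ?></label>
-<input type="text" name="log" id="user_login"<?php echo $aria_describedby; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
+<label for="user_login"><?php echo esc_html( $labels['label_username'] ); ?></label>
+<input type="text" name="log" id="user_login"<?php echo esc_attr( $aria_describedby ); ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
 </p>
 
 <div class="user-pass-wrap">
-<label for="user_pass"><?php _e( 'Password' ); ?></label>
+<label for="user_pass"><?php echo esc_html( $labels['label_password'] ); ?></label>
 <div class="wp-pwd">
-<input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby; ?> class="input password-input" value="" size="20" autocomplete="current-password" spellcheck="false" required="required" />
+<input type="password" name="pwd" id="user_pass"<?php echo esc_attr( $aria_describedby ); ?> class="input password-input" value="" size="20" autocomplete="current-password" spellcheck="false" required="required" />
 <button type="button" class="button button-secondary wp-hide-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Show password' ); ?>">
 <span class="dashicons dashicons-visibility" aria-hidden="true"></span>
 </button>
@@ -1447,9 +1457,9 @@ switch ( $action ) {
 do_action( 'login_form' );
 
 ?>
-<p class="forgetmenot"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <label for="rememberme"><?php esc_html_e( 'Remember Me' ); ?></label></p>
+<p class="forgetmenot"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <label for="rememberme"><?php echo esc_html( $labels['label_remember'] ); ?></label></p>
 <p class="submit">
-<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In' ); ?>" />
+<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php echo esc_attr( $labels['label_log_in'] ); ?>" />
 <?php
 
 if ( $interim_login ) {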
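Review bot: The two `esc_attr( $aria_describedby )` calls (new lines 1438 and 1444) escape a value that is echoed directly after `id="user_login"` / `id="user_pass"` with no attribute name or quotes around it, so when non-empty it presumably carries the whole ` aria-describedby="…"` attribute; `esc_attr()` would turn its quotes into `&quot;` and the attribute would no longer parse. Escape the id where that string is assembled (outside these hunks) and keep the plain echo here, or print the attribute explicitly as `aria-describedby="<?php echo esc_attr( $describedby_id ); ?>"` (the variable name is a placeholder). The same context mismatch applies to `echo esc_html( $message )` at new line 222: output of the `login_message` filter is likely markup, which `esc_html()` would print as literal tags, so `echo wp_kses_post( $message ) . "\n";` keeps allowed HTML while still stripping script. `$labels` is also indexed with no fallback after `apply_filters( 'login_form_defaults', $defaults )`; adding `$labels = wp_parse_args( $labels, $defaults );` would stop a filter that returns a partial array from raising undefined-index notices in the forms.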