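diff --git src/wp-login.php src/wp-login.php
index 3dbfacfd2b..380443b06d 100644
--- a/src/wp-login.php
+++ b/src/wp-login.php
@@ -13,7 +13,8 @@ require __DIR__ . '/wp-load.php';
 
 // Redirect to HTTPS login if forced to use SSL.
 if ( force_ssl_admin() && ! is_ssl() ) {
-if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
+if ( ( isset( $_SERVER['REQUEST_URI'] ) && !empty( $_SERVER['REQUEST_URI'] ) )
+&& str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {
 wp_safe_redirect( set_url_scheme( $_SERVER['REQUEST_URI'], 'https' ) );
 exit;
 } else {
@@ -90,7 +91,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = null ) {
 <html <?php language_attributes(); ?>>
 <head>
 <meta http-equiv="Content-Type" content="<?php bloginfo( 'html_type' ); ?>; charset=<?php bloginfo( 'charset' ); ?>" />
-<title><?php echo $login_title; ?></title>
+<title><?php echo esc_html( $login_title ); ?></title>
 <?php
 
 wp_enqueue_style( 'login' );
@@ -206,7 +207,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = null ) {
 
 ?>
 <div id="login">
-<h1><a href="<?php echo esc_url( $login_header_url ); ?>"><?php echo $login_header_text; ?></a></h1>
+<h1><a href="<?php echo esc_url( $login_header_url ); ?>"><?php echo esc_html( $login_header_text ); ?></a></h1>
 <?php
 /**
 * Filters the message to display above the login form.
@@ -218,7 +219,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = null ) {
 $message = apply_filters( 'login_message', $message );
 
 if ( ! empty( $message ) ) {
-echo $message . "\n";
+echo esc_html( $message ) . "\n";
 }
 
 // In case a plugin uses $error rather than the $wp_errors object.
@@ -335,7 +336,7 @@ function login_footer( $input_id = '' ) {
 <span class="screen-reader-text">
 <?php
 /* translators: Hidden accessibility text. */
-_e( 'Language' );
+esc_html_e( 'Language' );
 ?>
 </span>
 </label>
@@ -367,7 +368,7 @@ function login_footer( $input_id = '' ) {
 <?php } ?>
 
 <?php if ( isset( $_GET['redirect_to'] ) && '' !== $_GET['redirect_to'] ) { ?>
-<input type="hidden" name="redirect_to" value="<?php echo sanitize_url( $_GET['redirect_to'] ); ?>" />
+<input type="hidden" name="redirect_to" value="<?php echo esc_attr( sanitize_url( $_GET['redirect_to'] ) ); ?>" />
 <?php } ?>
 
 <?php if ( isset( $_GET['action'] ) && '' !== $_GET['action'] ) { ?>
@@ -538,6 +539,15 @@ $interim_login = isset( $_REQUEST['interim-login'] );
 */
 $login_link_separator = apply_filters( 'login_link_separator', ' | ' );
 
+// Assign filterable labels for form controls.
+$defaults = array(
+'label_username' => __( 'Username or Email Address' ),
+'label_password' => __( 'Password' ),
+'label_remember' => __( 'Remember Me' ),
+'label_log_in' => __( 'Log In' ),
+);
+$labels = apply_filters( 'login_form_defaults', $defaults );
+
 switch ( $action ) {
 
 case 'confirm_admin_email':
@@ -841,7 +851,7 @@ switch ( $action ) {
 
 <form name="lostpasswordform" id="lostpasswordform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=lostpassword', 'login_post' ) ); ?>" method="post">
 <p>
-<label for="user_login"><?php _e( 'Username or Email Address' ); ?></label>
+<label for="user_login"><?php echo esc_html( $labels['label_username'] ); ?></label>
 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
 </p>
 <?php
@@ -1088,7 +1098,7 @@ switch ( $action ) {
 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( wp_unslash( $user_login ) ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
 </p>
 <p>
-<label for="user_email"><?php _e( 'Email' ); ?></label>
+<label for="user_email"><?php _e( 'Email Address' ); ?></label>
 <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" autocomplete="email" required="required" />
 </p>
 <?php
@@ -1424,14 +1434,14 @@ switch ( $action ) {
 
 <form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">
 <p>
-<label for="user_login"><?php _e( 'Username or Email Address' ); ?></label>
-<input type="text" name="log" id="user_login"<?php echo $aria_describedby; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
+<label for="user_login"><?php echo esc_html( $labels['label_username'] ); ?></label>
+<input type="text" name="log" id="user_login"<?php echo esc_attr( $aria_describedby ); ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
 </p>
 
 <div class="user-pass-wrap">
-<label for="user_pass"><?php _e( 'Password' ); ?></label>
+<label for="user_pass"><?php echo esc_html( $labels['label_password'] ); ?></label>
 <div class="wp-pwd">
-<input type="password" name="pwd" id="user_pass"<?php echo $aria_describedby; ?> class="input password-input" value="" size="20" autocomplete="current-password" spellcheck="false" required="required" />
+<input type="password" name="pwd" id="user_pass"<?php echo esc_attr( $aria_describedby ); ?> class="input password-input" value="" size="20" autocomplete="current-password" spellcheck="false" required="required" />
 <button type="button" class="button button-secondary wp-hide-pw hide-if-no-js" data-toggle="0" aria-label="<?php esc_attr_e( 'Show password' ); ?>">
 <span class="dashicons dashicons-visibility" aria-hidden="true"></span>
 </button>
@@ -1447,9 +1457,9 @@ switch ( $action ) {
 do_action( 'login_form' );
 
 ?>
-<p class="forgetmenot"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <label for="rememberme"><?php esc_html_e( 'Remember Me' ); ?></label></p>
+<p class="forgetmenot"><input name="rememberme" type="checkbox" id="rememberme" value="forever" <?php checked( $rememberme ); ?> /> <label for="rememberme"><?php echo esc_html( $labels['label_remember'] ); ?></label></p>
 <p class="submit">
-<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Log In' ); ?>" />
+<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php echo esc_attr( $labels['label_log_in'] ); ?>" />
 <?php
 
 if ( $interim_login ) {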
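Review bot: At new line 222, `esc_html( $message )` escapes a value that callers and `login_message` callbacks appear to deliver as markup (typically a wrapped `<p>` notice), so the login screen would print the tags as literal text; `echo wp_kses_post( $message ) . "\n";` still sanitises the value but renders the allowed HTML. The same context mismatch is at new lines 1438 and 1444: `$aria_describedby` is echoed where a whole attribute belongs, so it presumably holds ` aria-describedby="…"` including its quotes, and `esc_attr()` would turn those quotes into entities and break the attribute. The id should be escaped with `esc_attr()` where that string is built, which is outside these hunks, and the echo left as it was. Separately, the array returned by the new `login_form_defaults` filter at new line 549 is indexed without a check, so a callback returning a partial array leaves labels undefined; `$labels = wp_parse_args( apply_filters( 'login_form_defaults', $defaults ), $defaults );` guards that, and the hook has no docblock yet.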