WordPress.org

Make WordPress Core

Ticket #7197: no_magic_quotes_on_passwords.patch

File no_magic_quotes_on_passwords.patch, 1.9 KB (added by mystyman, 5 years ago)

re-based to revision 11274

  • wp-includes/functions.php

     
    13251325 * @param array $array Array to used to walk while sanitizing contents. 
    13261326 * @return array Sanitized $array. 
    13271327 */ 
    1328 function add_magic_quotes( $array ) { 
     1328function add_magic_quotes( $array, $donottouch=array() ) { 
    13291329        global $wpdb; 
    1330  
    13311330        foreach ( (array) $array as $k => $v ) { 
    13321331                if ( is_array( $v ) ) { 
    13331332                        $array[$k] = add_magic_quotes( $v ); 
    1334                 } else { 
     1333                } elseif ( !in_array($k, $donottouch) ) { 
    13351334                        $array[$k] = $wpdb->escape( $v ); 
    13361335                } 
    13371336        } 
  • wp-settings.php

     
    582582 
    583583// Escape with wpdb. 
    584584$_GET    = add_magic_quotes($_GET   ); 
    585 $_POST   = add_magic_quotes($_POST  ); 
     585$_POST   = add_magic_quotes($_POST, $donottouch=array('pwd','pass1','pass2') ); 
    586586$_COOKIE = add_magic_quotes($_COOKIE); 
    587587$_SERVER = add_magic_quotes($_SERVER); 
    588588 
  • wp-admin/includes/user.php

     
    148148                        $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter your password twice.' ), array( 'form-field' => 'pass2' ) ); 
    149149        } 
    150150 
    151         /* Check for "\" in password */ 
    152         if( strpos( " ".$pass1, "\\" ) ) 
    153                 $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) ); 
    154  
    155151        /* checking the password has been typed twice the same */ 
    156152        if ( $pass1 != $pass2 ) 
    157153                $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in the two password fields.' ), array( 'form-field' => 'pass1' ) );