Ticket #7197: no_magic_quotes_on_passwords.patch

File no_magic_quotes_on_passwords.patch, 1.9 KB (added by mystyman, 9 years ago)

re-based to revision 11274

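--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1325,13 +1325,12 @@
  * @param array $array Array to used to walk while sanitizing contents.
  * @return array Sanitized $array.
  */
-function add_magic_quotes( $array ) {
+function add_magic_quotes( $array, $donottouch=array() ) {
         global $wpdb;
-
         foreach ( (array) $array as $k => $v ) {
                 if ( is_array( $v ) ) {
                         $array[$k] = add_magic_quotes( $v );
-                } else {
+                } elseif ( !in_array($k, $donottouch) ) {
                         $array[$k] = $wpdb->escape( $v );
                 }
         }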
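Review bot: The new exemption test `in_array($k, $donottouch)` compares loosely, so on PHP versions before 8 an integer key such as `0` is treated as equal to any non-numeric name in the list and its value skips `$wpdb->escape()`. Because this function is the escaping layer for request data, the test should be strict: `} elseif ( ! in_array( $k, $donottouch, true ) ) {`. The recursive call `add_magic_quotes( $v )` does not forward `$donottouch`, so the exemption covers top-level keys only; if that is intended, the docblock should say so, and it also needs a `@param array $donottouch` line describing the new argument.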
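--- a/wp-settings.php
+++ b/wp-settings.php
@@ -582,7 +582,7 @@
 
 // Escape with wpdb.
 $_GET    = add_magic_quotes($_GET   );
-$_POST   = add_magic_quotes($_POST  );
+$_POST   = add_magic_quotes($_POST, $donottouch=array('pwd','pass1','pass2') );
 $_COOKIE = add_magic_quotes($_COOKIE);
 $_SERVER = add_magic_quotes($_SERVER);
 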
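Review bot: The argument `$donottouch=array('pwd','pass1','pass2')` is an assignment expression rather than a named argument, so besides passing the list it creates a global `$donottouch` in wp-settings.php; pass the list directly with `$_POST = add_magic_quotes( $_POST, array( 'pwd', 'pass1', 'pass2' ) );`. After this change those three fields stay unescaped in `$_POST` on every request, so any consumer that strips slashes from them or places them in a query (none is visible in this patch) should be checked before merging. A one-line comment above the call, such as `// Password fields are hashed, never stored raw, so they are left unescaped.`, would record why they are exempt, provided that statement holds for every reader of these keys.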
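--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -148,10 +148,6 @@
                         $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter your password twice.' ), array( 'form-field' => 'pass2' ) );
         }
 
-        /* Check for "\" in password */
-        if( strpos( " ".$pass1, "\\" ) )
-                $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
-
         /* checking the password has been typed twice the same */
         if ( $pass1 != $pass2 )
                 $errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in the two password fields.' ), array( 'form-field' => 'pass1' ) );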