Changeset 23554 for trunk/wp-admin/includes/user.php
- Timestamp:
- 03/01/2013 04:28:40 PM (12 years ago)
- File:
-
- 1 edited
trunk/wp-admin/includes/user.php
r23416 r23554 35 35 $user->ID = (int) $user_id; 36 36 $userdata = get_userdata( $user_id ); 37 $user->user_login = $ userdata->user_login;37 $user->user_login = $wpdb->escape( $userdata->user_login ); 38 38 } else { 39 39 $update = false; 40 40 } 41 41 42 // get clean data before we get started. 43 $post_data = wp_unslash( $_POST ); 44 45 if ( !$update && isset( $post_data['user_login'] ) ) 46 $user->user_login = sanitize_user($post_data['user_login'], true); 42 if ( !$update && isset( $_POST['user_login'] ) ) 43 $user->user_login = sanitize_user($_POST['user_login'], true); 47 44 48 45 $pass1 = $pass2 = ''; 49 if ( isset( $ post_data['pass1'] ))50 $pass1 = $ post_data['pass1'];51 if ( isset( $ post_data['pass2'] ))52 $pass2 = $ post_data['pass2'];53 54 if ( isset( $ post_data['role'] ) && current_user_can( 'edit_users' ) ) {55 $new_role = sanitize_text_field( $ post_data['role'] );46 if ( isset( $_POST['pass1'] )) 47 $pass1 = $_POST['pass1']; 48 if ( isset( $_POST['pass2'] )) 49 $pass2 = $_POST['pass2']; 50 51 if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) { 52 $new_role = sanitize_text_field( $_POST['role'] ); 56 53 $potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false; 57 54 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 
… … 66 63 } 67 64 68 if ( isset( $ post_data['email'] ))69 $user->user_email = sanitize_text_field( $ post_data['email'] );70 if ( isset( $ post_data['url'] ) ) {71 if ( empty ( $ post_data['url'] ) || $post_data['url'] == 'http://' ) {65 if ( isset( $_POST['email'] )) 66 $user->user_email = sanitize_text_field( $_POST['email'] ); 67 if ( isset( $_POST['url'] ) ) { 68 if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) { 72 69 $user->user_url = ''; 73 70 } else { 74 $user->user_url = esc_url_raw( $ post_data['url'] );71 $user->user_url = esc_url_raw( $_POST['url'] ); 75 72 $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) ); 76 73 $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 77 74 } 78 75 } 79 if ( isset( $ post_data['first_name'] ) )80 $user->first_name = sanitize_text_field( $ post_data['first_name'] );81 if ( isset( $ post_data['last_name'] ) )82 $user->last_name = sanitize_text_field( $ post_data['last_name'] );83 if ( isset( $ post_data['nickname'] ) )84 $user->nickname = sanitize_text_field( $ post_data['nickname'] );85 if ( isset( $ post_data['display_name'] ) )86 $user->display_name = sanitize_text_field( $ post_data['display_name'] );87 88 if ( isset( $ post_data['description'] ) )89 $user->description = trim( $ post_data['description'] );76 if ( isset( $_POST['first_name'] ) ) 77 $user->first_name = sanitize_text_field( $_POST['first_name'] ); 78 if ( isset( $_POST['last_name'] ) ) 79 $user->last_name = sanitize_text_field( $_POST['last_name'] ); 80 if ( isset( $_POST['nickname'] ) ) 81 $user->nickname = sanitize_text_field( $_POST['nickname'] ); 82 if ( isset( $_POST['display_name'] ) ) 83 $user->display_name = sanitize_text_field( $_POST['display_name'] ); 84 85 if ( isset( $_POST['description'] ) ) 86 $user->description = trim( $_POST['description'] ); 90 87 91 88 foreach ( _wp_get_user_contactmethods( $user ) as $method => $name ) { 92 if 
( isset( $ post_data[$method] ))93 $user->$method = sanitize_text_field( $ post_data[$method] );89 if ( isset( $_POST[$method] )) 90 $user->$method = sanitize_text_field( $_POST[$method] ); 94 91 } 95 92 96 93 if ( $update ) { 97 $user->rich_editing = isset( $ post_data['rich_editing'] ) && 'false' == $post_data['rich_editing'] ? 'false' : 'true';98 $user->admin_color = isset( $ post_data['admin_color'] ) ? sanitize_text_field( $post_data['admin_color'] ) : 'fresh';99 $user->show_admin_bar_front = isset( $ post_data['admin_bar_front'] ) ? 'true' : 'false';100 } 101 102 $user->comment_shortcuts = isset( $ post_data['comment_shortcuts'] ) && 'true' == $post_data['comment_shortcuts'] ? 'true' : '';94 $user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' == $_POST['rich_editing'] ? 'false' : 'true'; 95 $user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh'; 96 $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false'; 97 } 98 99 $user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : ''; 103 100 104 101 $user->use_ssl = 0; 105 if ( !empty($ post_data['use_ssl']) )102 if ( !empty($_POST['use_ssl']) ) 106 103 $user->use_ssl = 1; 107 104 … … 128 125 129 126 /* Check for "\" in password */ 130 if ( false !== strpos( $pass1, "\\" ) )127 if ( false !== strpos( stripslashes($pass1), "\\" ) ) 131 128 $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) ); 132 129 … … 138 135 $user->user_pass = $pass1; 139 136 140 if ( !$update && isset( $ post_data['user_login'] ) && !validate_username( $post_data['user_login'] ) )137 if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) ) 141 138 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. 
Please enter a valid username.' )); 142 139 … … 163 160 } else { 164 161 $user_id = wp_insert_user( $user ); 165 wp_new_user_notification( $user_id, isset($ post_data['send_password']) ? $pass1 : '' );162 wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' ); 166 163 } 167 164 return $user_id;
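Review bot: With the new side reading `$_POST` directly again, the slashed state of each value has to be tracked by hand, and the hunk only does that for the backslash check (`strpos( stripslashes($pass1), "\\" )` on new line 127) while `$user->user_pass = $pass1` (new line 136) and `wp_new_user_notification( $user_id, isset($_POST['send_password']) ? $pass1 : '' )` (new line 162) still pass the untouched `$pass1`; whether `wp_insert_user()` and the notification unslash it cannot be seen here, so a one-line comment at line 127 stating that `$pass1` is still slashed at that point would stop the next maintainer from "fixing" one and not the others. On new line 37, `$wpdb->escape( $userdata->user_login )` uses a database-escaping helper on a value that is never passed to SQL in this hunk; it appears to be there only so the stored login carries the same slashes as the `$_POST` values, and that intent should be stated in a comment such as `// Slash the stored login so it compares like the (slashed) $_POST values below.` rather than left to be guessed from the call. The enclosing function starts before line 35 and its closing brace is outside the hunk.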