
Changeset 23594 for trunk/wp-login.php


Timestamp:
03/03/2013 09:11:40 PM (8 years ago)
Author:
ryan
Message:

Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().

see #21767

File:
1 edited

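--- a/trunk/wp-login.php
+++ b/trunk/wp-login.php
@@ -400,5 +400,5 @@
 
     // 10 days
-    setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
+    setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH );
 
     wp_safe_redirect( wp_get_referer() );
@@ -435,5 +435,5 @@
     login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or email address. You will receive a link to create a new password via email.') . '</p>', $errors);
 
-    $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : '';
+    $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : '';
 
 ?>
@@ -551,9 +551,9 @@
     <p>
         <label for="user_login"><?php _e('Username') ?><br />
-        <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" /></label>
+        <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr(wp_unslash($user_login)); ?>" size="20" /></label>
     </p>
     <p>
         <label for="user_email"><?php _e('E-mail') ?><br />
-        <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" /></label>
+        <input type="text" name="user_email" id="user_email" class="input" value="<?php echo esc_attr(wp_unslash($user_email)); ?>" size="25" /></label>
     </p>
 <?php do_action('register_form'); ?>
@@ -671,5 +671,5 @@
 
     if ( isset($_POST['log']) )
-        $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(stripslashes($_POST['log'])) : '';
+        $user_login = ( 'incorrect_password' == $errors->get_error_code() || 'empty_password' == $errors->get_error_code() ) ? esc_attr(wp_unslash($_POST['log'])) : '';
     $rememberme = ! empty( $_POST['rememberme'] );
 ?>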
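Review bot: The new `setcookie()` line at 402 passes `$_POST['post_password']` through `wp_unslash()` into `$wp_hasher->HashPassword()` with no presence or type check visible in the hunk. Unlike `stripslashes()`, `wp_unslash()` also accepts arrays and returns them as arrays, so an array-valued `post_password` field would reach the hasher as an array. Unless a guard already exists above line 400 (the enclosing block starts outside the hunk), wrap the call in `if ( isset( $_POST['post_password'] ) && is_string( $_POST['post_password'] ) )` so that only a string is hashed and stored in the cookie. Separately, lines 553 and 557 unslash `$user_login` and `$user_email` at output time. If those variables were already unslashed where they are assigned (not visible here), a second pass would drop literal backslashes, so a comment naming the one place where unslashing is meant to happen would help.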