Changeset 24508

Timestamp:

06/25/2013 11:14:50 AM (12 years ago)

Author:

SergeyBiryukov

Message:

Revert to storing a hash of the slashed password. fixes #24367. see #17018.

File:

• trunk/wp-admin/includes/user.php (modified) (3 diffs)

trunk/wp-admin/includes/user.php

@@ -44 +44 @@
 
     $pass1 = $pass2 = '';
-    if ( isset( $_POST['pass1'] ))
-        $pass1 = wp_unslash( $_POST['pass1'] );
-    if ( isset( $_POST['pass2'] ))
-        $pass2 = wp_unslash( $_POST['pass2'] );
+    if ( isset( $_POST['pass1'] ) )
+        $pass1 = $_POST['pass1'];
+    if ( isset( $_POST['pass2'] ) )
+        $pass2 = $_POST['pass2'];
 
     if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
@@ -125 +125 @@
 
     /* Check for "\" in password */
-    if ( false !== strpos( stripslashes($pass1), "\\" ) )
+    if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) )
         $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
 
@@ -160 +160 @@
     } else {
         $user_id = wp_insert_user( $user );
-        wp_new_user_notification( $user_id, isset( $_POST['send_password'] ) ? $pass1 : '' );
+        wp_new_user_notification( $user_id, isset( $_POST['send_password'] ) ? wp_unslash( $pass1 ) : '' );
     }
     return $user_id;