WordPress.org

Make WordPress Core

Changeset 24508


Ignore:
Timestamp:
06/25/13 11:14:50 (10 months ago)
Author:
SergeyBiryukov
Message:

Revert to storing a hash of the slashed password. fixes #24367. see #17018.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/user.php

    r24125 r24508  
    4444 
    4545    $pass1 = $pass2 = ''; 
    46     if ( isset( $_POST['pass1'] )) 
    47         $pass1 = wp_unslash( $_POST['pass1'] ); 
    48     if ( isset( $_POST['pass2'] )) 
    49         $pass2 = wp_unslash( $_POST['pass2'] ); 
     46    if ( isset( $_POST['pass1'] ) ) 
     47        $pass1 = $_POST['pass1']; 
     48    if ( isset( $_POST['pass2'] ) ) 
     49        $pass2 = $_POST['pass2']; 
    5050 
    5151    if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) { 
     
    125125 
    126126    /* Check for "\" in password */ 
    127     if ( false !== strpos( stripslashes($pass1), "\\" ) ) 
     127    if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) ) 
    128128        $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) ); 
    129129 
     
    160160    } else { 
    161161        $user_id = wp_insert_user( $user ); 
    162         wp_new_user_notification( $user_id, isset( $_POST['send_password'] ) ? $pass1 : '' ); 
     162        wp_new_user_notification( $user_id, isset( $_POST['send_password'] ) ? wp_unslash( $pass1 ) : '' ); 
    163163    } 
    164164    return $user_id; 
Note: See TracChangeset for help on using the changeset viewer.