Make WordPress Core


Ignore:
Timestamp:
06/11/2014 07:53:25 PM (10 years ago)
Author:
wonderboymusic
Message:

Don't use variable variables in user-new.php. Test by causing errors when creating a new user.

See #27881.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/user-new.php

    r28642 r28745  
    340340<?php
    341341// Load up the passed data, else set to a default.
    342 foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_name' => 'lastname',
    343                 'email' => 'email', 'url' => 'uri', 'role' => 'role', 'send_password' => 'send_password', 'noconfirmation' => 'ignore_pass' ) as $post_field => $var ) {
    344     $var = "new_user_$var";
    345     if( isset( $_POST['createuser'] ) ) {
    346         if ( ! isset($$var) )
    347             $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';
    348     } else {
    349         $$var = false;
    350     }
    351 }
     342$creating = isset( $_POST['createuser'] );
     343
     344$new_user_login = $creating && isset( $_POST['user_login'] ) ? wp_unslash( $_POST['user_login'] ) : '';
     345$new_user_firstname = $creating && isset( $_POST['first_name'] ) ? wp_unslash( $_POST['first_name'] ) : '';
     346$new_user_lastname = $creating && isset( $_POST['last_name'] ) ? wp_unslash( $_POST['last_name'] ) : '';
     347$new_user_email = $creating && isset( $_POST['email'] ) ? wp_unslash( $_POST['email'] ) : '';
     348$new_user_uri = $creating && isset( $_POST['url'] ) ? wp_unslash( $_POST['url'] ) : '';
     349$new_user_role = $creating && isset( $_POST['role'] ) ? wp_unslash( $_POST['role'] ) : '';
     350$new_user_send_password = $creating && isset( $_POST['send_password'] ) ? wp_unslash( $_POST['send_password'] ) : '';
     351$new_user_ignore_pass = $creating && isset( $_POST['noconfirmation'] ) ? wp_unslash( $_POST['noconfirmation'] ) : '';
    352352
    353353?>
Note: See TracChangeset for help on using the changeset viewer.