Changeset 29966
- Timestamp:
- 10/19/2014 08:29:33 PM (10 years ago)
- Location:
- trunk/src/wp-admin
- Files:
-
- 3 edited
trunk/src/wp-admin/includes/user.php
r29206 r29966 64 64 65 65 if ( isset( $_POST['email'] )) 66 $user->user_email = sanitize_text_field( $_POST['email']);66 $user->user_email = sanitize_text_field( wp_unslash( $_POST['email'] ) ); 67 67 if ( isset( $_POST['url'] ) ) { 68 68 if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) { -
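Review bot: The added `wp_unslash()` call on new line 66 has no comment saying why it is needed, and `sanitize_text_field()` only cleans the string; it does not check that the value is a well-formed address. I would add above it `// $_POST values arrive slash-escaped; unslash before sanitizing so a quote in the address is not stored with a backslash.` The format check presumably happens later in the function, which starts and ends outside this hunk, and should stay in place. The `$_POST['url']` comparison on line 68 still reads the raw value, so it is worth confirming that branch unslashes it as well.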
trunk/src/wp-admin/network/user-new.php
r27469 r29966 39 39 wp_die( __( 'Cannot create an empty user.' ) ); 40 40 41 $user = $_POST['user'];41 $user = wp_unslash( $_POST['user'] ); 42 42 43 43 $user_details = wpmu_validate_user_signup( $user['username'], $user['email'] ); … … 46 46 } else { 47 47 $password = wp_generate_password( 12, false); 48 $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) );48 $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, sanitize_email( $user['email'] ) ); 49 49 50 50 if ( ! $user_id ) { -
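Review bot: On new line 48 the username still goes through `esc_html()`, an output-escaping helper, while the email on the same line was moved to `sanitize_email()`. Both arguments are also re-derived from `$user` rather than taken from the result of `wpmu_validate_user_signup()` on line 43, so the stored values can differ from the ones that were validated. If the validation result exposes the normalized values, passing them on keeps the two steps in agreement: `$user_id = wpmu_create_user( $user_details['user_name'], $password, $user_details['user_email'] );`. Separately, `wp_unslash( $_POST['user'] )` on line 41 is indexed as an array right after; the guard on line 39 is cut off by the hunk, so confirm it rejects a non-array `user` parameter.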
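--- a/trunk/src/wp-admin/user-new.php
+++ b/trunk/src/wp-admin/user-new.php
@@ -42,9 +42,10 @@
 
 $user_details = null;
-if ( false !== strpos($_REQUEST[ 'email' ], '@') ) {
-$user_details = get_user_by('email', $_REQUEST[ 'email' ]);
+$user_email = wp_unslash( $_REQUEST['email'] );
+if ( false !== strpos( $user_email, '@' ) ) {
+$user_details = get_user_by( 'email', $user_email );
 } else {
 if ( is_super_admin() ) {
-$user_details = get_user_by( 'login', $_REQUEST[ 'email' ]);
+$user_details = get_user_by( 'login', $user_email );
 } else {
 wp_redirect( add_query_arg( array('update' => 'enter_email'), 'user-new.php' ) );
@@ -113,5 +114,6 @@
 } else {
 // Adding a new user to this site
-$user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] );
+$new_user_email = wp_unslash( $_REQUEST['email'] );
+$user_details = wpmu_validate_user_signup( $_REQUEST['user_login'], $new_user_email );
 if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
 $add_user_errors = $user_details[ 'errors' ];
@@ -129,7 +131,7 @@
 add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email
 }
-wpmu_signup_user( $new_user_login, $ _REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role'] ) );
+wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) );
 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
-$key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $ _REQUEST[ 'email' ]) );
+$key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );
 wpmu_activate_signup( $key );
 $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );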
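Review bot: Only the email is unslashed here. On new line 117 `$_REQUEST['user_login']` is still passed raw to the validator, so the two arguments of one call are now treated differently; `$user_details = wpmu_validate_user_signup( wp_unslash( $_REQUEST['user_login'] ), $new_user_email );` would bring them in line. The same applies to `'new_role' => $_REQUEST['role']` on new line 133, which goes into the signup meta without being unslashed. Nothing visible checks that the role is one the current user is allowed to assign, but any such check may sit outside these hunks, as do the nonce and capability checks. The surrounding blocks start and end outside the hunks.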