
Changeset 29966


Timestamp:
10/19/2014 08:29:33 PM (10 years ago)
Author:
boonebgorges
Message:

Allow apostrophes in email addresses when adding users via the Dashboard.

Email addresses entered in a number of interfaces were not being stripslashed
properly, with the result that the emails were not being recognized as valid.

Fixes #18039.

Location:
trunk/src/wp-admin
Files:
3 edited

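--- a/trunk/src/wp-admin/includes/user.php
+++ b/trunk/src/wp-admin/includes/user.php
@@ -64,5 +64,5 @@
 
     if ( isset( $_POST['email'] ))
-        $user->user_email = sanitize_text_field( $_POST['email'] );
+        $user->user_email = sanitize_text_field( wp_unslash( $_POST['email'] ) );
     if ( isset( $_POST['url'] ) ) {
         if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {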
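Review bot: The unslash-then-sanitize order on new line 66 deserves a comment, because the reason is not visible at the call site: WordPress adds slashes to `$_POST` during bootstrap, so without `wp_unslash()` a constructed address such as `o'brien@example.com` reaches validation with a backslash before the apostrophe. I would add `// $_POST is slashed by WordPress; unslash before sanitizing so apostrophes survive.` above the assignment. `sanitize_text_field()` does not check that the value is an email address, so the validity check has to happen later in this function, which starts and ends outside the hunk.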
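--- a/trunk/src/wp-admin/network/user-new.php
+++ b/trunk/src/wp-admin/network/user-new.php
@@ -39,5 +39,5 @@
         wp_die( __( 'Cannot create an empty user.' ) );
 
-    $user = $_POST['user'];
+    $user = wp_unslash( $_POST['user'] );
 
     $user_details = wpmu_validate_user_signup( $user['username'], $user['email'] );
@@ -46,5 +46,5 @@
     } else {
         $password = wp_generate_password( 12, false);
-        $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) );
+        $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, sanitize_email( $user['email'] ) );
 
         if ( ! $user_id ) {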
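Review bot: New line 48 stores `sanitize_email( $user['email'] )`, while line 43 validated the raw `$user['email']`, so the address that passed `wpmu_validate_user_signup()` and the one written by `wpmu_create_user()` are not guaranteed to be the same string. `sanitize_email()` returns an empty string when it rejects its input, and nothing visible here checks for that before the account is created. Since the validator returns the values it checked, I would pass those through instead: `$user_id = wpmu_create_user( $user_details['user_name'], $password, $user_details['user_email'] );`. That would also drop the `esc_html()` on the username, which is an output-escaping function applied to a value headed for storage. The enclosing `if`/`else` starts and ends outside the hunk, so confirm the error branch above it covers every validation failure.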
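--- a/trunk/src/wp-admin/user-new.php
+++ b/trunk/src/wp-admin/user-new.php
@@ -42,9 +42,10 @@
 
     $user_details = null;
-    if ( false !== strpos($_REQUEST[ 'email' ], '@') ) {
-        $user_details = get_user_by('email', $_REQUEST[ 'email' ]);
+    $user_email = wp_unslash( $_REQUEST['email'] );
+    if ( false !== strpos( $user_email, '@' ) ) {
+        $user_details = get_user_by( 'email', $user_email );
     } else {
         if ( is_super_admin() ) {
-            $user_details = get_user_by('login', $_REQUEST[ 'email' ]);
+            $user_details = get_user_by( 'login', $user_email );
         } else {
             wp_redirect( add_query_arg( array('update' => 'enter_email'), 'user-new.php' ) );
@@ -113,5 +114,6 @@
     } else {
         // Adding a new user to this site
-        $user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] );
+        $new_user_email = wp_unslash( $_REQUEST['email'] );
+        $user_details = wpmu_validate_user_signup( $_REQUEST['user_login'], $new_user_email );
         if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
             $add_user_errors = $user_details[ 'errors' ];
@@ -129,7 +131,7 @@
                 add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email
             }
-            wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );
+            wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) );
             if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
-                $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST[ 'email' ] ) );
+                $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );
                 wpmu_activate_signup( $key );
                 $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );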
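Review bot: New line 44 reads `$_REQUEST['email']` with no `isset()` or type check, so a request that omits the field raises a notice and one that sends it as an array hands `strpos()` an array on line 45. I would guard the read once, `$user_email = ( isset( $_REQUEST['email'] ) && is_string( $_REQUEST['email'] ) ) ? wp_unslash( $_REQUEST['email'] ) : '';`, and do the same for `$new_user_email` on line 116. On line 133 `$_REQUEST['role']` is still passed into the signup meta slashed and, as far as this hunk shows, without being checked against the roles the current user may assign; that check may exist outside the visible lines. The enclosing branches start and end outside these hunks.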