WordPress.org

Make WordPress Core


Ignore:
Timestamp:
10/19/2014 08:29:33 PM (5 years ago)
Author:
boonebgorges
Message:

Allow apostrophes in email addresses when adding users via the Dashboard.

Email addresses entered in a number of interfaces were not being stripslashed
properly, with the result that the emails were not being recognized as valid.

Fixes #18039.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/user-new.php

    r29962 r29966  
    4242
    4343    $user_details = null;
    44     if ( false !== strpos($_REQUEST[ 'email' ], '@') ) {
    45         $user_details = get_user_by('email', $_REQUEST[ 'email' ]);
     44    $user_email = wp_unslash( $_REQUEST['email'] );
     45    if ( false !== strpos( $user_email, '@' ) ) {
     46        $user_details = get_user_by( 'email', $user_email );
    4647    } else {
    4748        if ( is_super_admin() ) {
    48             $user_details = get_user_by('login', $_REQUEST[ 'email' ]);
     49            $user_details = get_user_by( 'login', $user_email );
    4950        } else {
    5051            wp_redirect( add_query_arg( array('update' => 'enter_email'), 'user-new.php' ) );
     
    113114    } else {
    114115        // Adding a new user to this site
    115         $user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] );
     116        $new_user_email = wp_unslash( $_REQUEST['email'] );
     117        $user_details = wpmu_validate_user_signup( $_REQUEST['user_login'], $new_user_email );
    116118        if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
    117119            $add_user_errors = $user_details[ 'errors' ];
     
    129131                add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email
    130132            }
    131             wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) );
     133            wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) );
    132134            if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
    133                 $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST[ 'email' ] ) );
     135                $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );
    134136                wpmu_activate_signup( $key );
    135137                $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
Note: See TracChangeset for help on using the changeset viewer.