WordPress.org

Make WordPress Core

Changeset 37474


Ignore:
Timestamp:
05/20/2016 07:20:44 PM (3 years ago)
Author:
boonebgorges
Message:

During password reset, user-submitted login/email should be stripslashed.

This prevents errors when an email address contains an apostrophe. See [29966]
for similar treatment of a related problem.

Props dcavins.
Fixes #36322.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-login.php

    r37243 r37474  
    295295        $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or email address.'));
    296296    } elseif ( strpos( $_POST['user_login'], '@' ) ) {
    297         $user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );
     297        $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
    298298        if ( empty( $user_data ) )
    299299            $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
Note: See TracChangeset for help on using the changeset viewer.