Make WordPress Core

Changeset 44611


Ignore:
Timestamp:
01/16/2019 04:26:48 AM (6 years ago)
Author:
pento
Message:

Users: Add extra checking to wp_new_user_notification().

Prevent a notification from being sent when an unrecognised value is passed in the $notify parameter.

Props cthreelabs, 360zen.
Fixes #44293.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r44386 r44611  
    18951895        }
    18961896
     1897        // Accepts only 'user', 'admin' , 'both' or default '' as $notify
     1898        if ( ! in_array( $notify, array( 'user', 'admin', 'both', '' ), true ) ) {
     1899            return;
     1900        }
     1901
    18971902        global $wpdb, $wp_hasher;
    18981903        $user = get_userdata( $user_id );
  • trunk/tests/phpunit/tests/user.php

    r44573 r44611  
    11701170                true,
    11711171            ),
     1172            array(
     1173                'THIS IS NOT A SUPPORTED NOTIFICATION TYPE',
     1174                false,
     1175                false,
     1176            ),
    11721177        );
    11731178    }
Note: See TracChangeset for help on using the changeset viewer.