Changeset 46640
- Timestamp:
- 11/03/2019 08:10:23 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/user.php
r45932 r46640 42 42 43 43 if ( ! $update && isset( $_POST['user_login'] ) ) { 44 $user->user_login = sanitize_user( $_POST['user_login'], true );44 $user->user_login = sanitize_user( wp_unslash( $_POST['user_login'] ), true ); 45 45 } 46 46 -
trunk/src/wp-includes/user.php
r46417 r46640 36 36 37 37 if ( ! empty( $_POST['log'] ) ) { 38 $credentials['user_login'] = $_POST['log'];38 $credentials['user_login'] = wp_unslash( $_POST['log'] ); 39 39 } 40 40 if ( ! empty( $_POST['pwd'] ) ) { -
trunk/src/wp-login.php
r46620 r46640 1033 1033 if ( $http_post ) { 1034 1034 if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) { 1035 $user_login = $_POST['user_login'];1035 $user_login = wp_unslash( $_POST['user_login'] ); 1036 1036 } 1037 1037 … … 1151 1151 // If the user wants SSL but the session is not SSL, force a secure cookie. 1152 1152 if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) { 1153 $user_name = sanitize_user( $_POST['log']);1153 $user_name = sanitize_user( wp_unslash( $_POST['log'] ) ); 1154 1154 $user = get_user_by( 'login', $user_name ); 1155 1155 -
trunk/tests/phpunit/tests/user.php
r46586 r46640 36 36 self::$user_ids[] = self::$contrib_id; 37 37 38 self::$user_ids[] = $factory->user->create( 39 array( 40 'user_login' => "testemailaddress'@test.com", 41 'user_nicename' => 'user_email_with_apostrophe', 42 'user_pass' => 'password', 43 'first_name' => 'John', 44 'last_name' => 'Doe', 45 'display_name' => 'John Doe', 46 'user_email' => "testemailaddress'@test.com", 47 'user_url' => 'http://tacos.com', 48 'role' => 'contributor', 49 'nickname' => 'Johnny', 50 'description' => 'I am a WordPress user that cares about privacy.', 51 ) 52 ); 53 38 54 self::$author_id = $factory->user->create( 39 55 array( … … 64 80 65 81 $this->author = clone self::$_author; 82 } 83 84 public function test_that_you_can_login_with_an_email_that_has_apostrophe() { 85 86 //create the user with an email that has an apostrophe (see test setup) 87 88 //login as the user 89 $credentials = [ 90 'user_login' => "testemailaddress'@test.com", 91 'user_password' => 'password', 92 ]; 93 94 //attempt to login 95 $user = wp_signon( $credentials ); 96 97 //assert that login was successfull 98 //if the login fails, an instance of WP_Error is returned rather than User object 99 $this->assertNotWPError( $user ); 66 100 } 67 101
Note: See TracChangeset
for help on using the changeset viewer.