WordPress.org

Make WordPress Core

Changeset 46640


Ignore:
Timestamp:
11/03/2019 08:10:23 PM (2 weeks ago)
Author:
whyisjake
Message:

Login and Registration: Allow email logins to be more flexible.

Allows a login to have an apostorphe. Which would normally be created as a mistake, but this allows the login to happen.

Fixes #38744
Props wpkuf, desrosj, socalchristina, bibliofille, santilinwp, nsubugak, sncoker, cafenoirdesign, whyisjake.

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/user.php

    r45932 r46640  
    4242
    4343    if ( ! $update && isset( $_POST['user_login'] ) ) {
    44         $user->user_login = sanitize_user( $_POST['user_login'], true );
     44        $user->user_login = sanitize_user( wp_unslash( $_POST['user_login'] ), true );
    4545    }
    4646
  • trunk/src/wp-includes/user.php

    r46417 r46640  
    3636
    3737        if ( ! empty( $_POST['log'] ) ) {
    38             $credentials['user_login'] = $_POST['log'];
     38            $credentials['user_login'] = wp_unslash( $_POST['log'] );
    3939        }
    4040        if ( ! empty( $_POST['pwd'] ) ) {
  • trunk/src/wp-login.php

    r46620 r46640  
    10331033        if ( $http_post ) {
    10341034            if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
    1035                 $user_login = $_POST['user_login'];
     1035                $user_login = wp_unslash( $_POST['user_login'] );
    10361036            }
    10371037
     
    11511151        // If the user wants SSL but the session is not SSL, force a secure cookie.
    11521152        if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) {
    1153             $user_name = sanitize_user( $_POST['log'] );
     1153            $user_name = sanitize_user( wp_unslash( $_POST['log'] ) );
    11541154            $user      = get_user_by( 'login', $user_name );
    11551155
  • trunk/tests/phpunit/tests/user.php

    r46586 r46640  
    3636        self::$user_ids[] = self::$contrib_id;
    3737
     38        self::$user_ids[] = $factory->user->create(
     39            array(
     40                'user_login'    => "testemailaddress'@test.com",
     41                'user_nicename' => 'user_email_with_apostrophe',
     42                'user_pass'     => 'password',
     43                'first_name'    => 'John',
     44                'last_name'     => 'Doe',
     45                'display_name'  => 'John Doe',
     46                'user_email'    => "testemailaddress'@test.com",
     47                'user_url'      => 'http://tacos.com',
     48                'role'          => 'contributor',
     49                'nickname'      => 'Johnny',
     50                'description'   => 'I am a WordPress user that cares about privacy.',
     51            )
     52        );
     53
    3854        self::$author_id  = $factory->user->create(
    3955            array(
     
    6480
    6581        $this->author = clone self::$_author;
     82    }
     83
     84    public function test_that_you_can_login_with_an_email_that_has_apostrophe() {
     85
     86        //create the user with an email that has an apostrophe (see test setup)
     87
     88        //login as the user
     89        $credentials = [
     90            'user_login'    => "testemailaddress'@test.com",
     91            'user_password' => 'password',
     92        ];
     93
     94        //attempt to login
     95        $user = wp_signon( $credentials );
     96
     97        //assert that login was successfull
     98        //if the login fails, an instance of WP_Error is returned rather than User object
     99        $this->assertNotWPError( $user );
    66100    }
    67101
Note: See TracChangeset for help on using the changeset viewer.