Changeset 46640 for trunk/src/wp-login.php
- Timestamp:
- 11/03/2019 08:10:23 PM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-login.php
r46620 r46640 1033 1033 if ( $http_post ) { 1034 1034 if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) { 1035 $user_login = $_POST['user_login'];1035 $user_login = wp_unslash( $_POST['user_login'] ); 1036 1036 } 1037 1037 … … 1151 1151 // If the user wants SSL but the session is not SSL, force a secure cookie. 1152 1152 if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) { 1153 $user_name = sanitize_user( $_POST['log']);1153 $user_name = sanitize_user( wp_unslash( $_POST['log'] ) ); 1154 1154 $user = get_user_by( 'login', $user_name ); 1155 1155
Note: See TracChangeset
for help on using the changeset viewer.