Make WordPress Core


Ignore:
Timestamp:
11/03/2019 08:10:23 PM (5 years ago)
Author:
whyisjake
Message:

Login and Registration: Allow email logins to be more flexible.

Allows a login to have an apostorphe. Which would normally be created as a mistake, but this allows the login to happen.

Fixes #38744
Props wpkuf, desrosj, socalchristina, bibliofille, santilinwp, nsubugak, sncoker, cafenoirdesign, whyisjake.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-login.php

    r46620 r46640  
    10331033        if ( $http_post ) {
    10341034            if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
    1035                 $user_login = $_POST['user_login'];
     1035                $user_login = wp_unslash( $_POST['user_login'] );
    10361036            }
    10371037
     
    11511151        // If the user wants SSL but the session is not SSL, force a secure cookie.
    11521152        if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) {
    1153             $user_name = sanitize_user( $_POST['log'] );
     1153            $user_name = sanitize_user( wp_unslash( $_POST['log'] ) );
    11541154            $user      = get_user_by( 'login', $user_name );
    11551155
Note: See TracChangeset for help on using the changeset viewer.