Make WordPress Core

Changeset 58623


Timestamp:
07/02/2024 05:44:50 PM (10 days ago)
Author:
SergeyBiryukov
Message:

Login and Registration: Remove redundant escaping in wp-login.php.

  • $user_login in the login action is already escaped on output.
  • $user_login and $user_email in the register action are already unslashed a few lines above.

Follow-up to [3120], [4339], [8454], [11104], [23416], [23554], [23594], [46640].

Props johnjamesjacoby, rajinsharwar, narenin.
Fixes #55335.

File:
1 edited

  • trunk/src/wp-login.php

    r58224 r58623  
    11611161            <p>
    11621162                <label for="user_login"><?php _e( 'Username' ); ?></label>
    1163                 <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( wp_unslash( $user_login ) ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
     1163                <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
    11641164            </p>
    11651165            <p>
    11661166                <label for="user_email"><?php _e( 'Email' ); ?></label>
    1167                 <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" autocomplete="email" required="required" />
     1167                <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( $user_email ); ?>" size="25" autocomplete="email" required="required" />
    11681168            </p>
    11691169            <?php
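
Review bot: At new lines 1163 and 1167, dropping wp_unslash() makes esc_attr( $user_login ) and esc_attr( $user_email ) depend on both variables having been unslashed before the form is rendered, and that assignment is outside this hunk's context. Please confirm that every path in the register action that sets these two variables unslashes them, otherwise a submitted value containing a quote or backslash may be redisplayed with stray backslashes. Output escaping itself is unchanged, since esc_attr() stays on both value attributes.
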
     
    14831483
    14841484        if ( isset( $_POST['log'] ) ) {
    1485             $user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
     1485            $user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? wp_unslash( $_POST['log'] ) : '';
    14861486        }
    14871487
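
Review bot: At new line 1485, $user_login now carries the unslashed but unescaped value of $_POST['log'], so every place in the login action that prints it has to escape at output, and that output site is not visible in this hunk. It is worth checking that the login form echoes it through esc_attr() and that nothing else consuming $user_login still expects the previously escaped value. As a minor style point, the two $errors->get_error_code() comparisons could be collapsed into one in_array( $errors->get_error_code(), array( 'incorrect_password', 'empty_password' ), true ) check.
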