Changeset 59595 for trunk/src/wp-includes/user.php

Timestamp:

01/09/2025 07:41:47 PM (6 months ago)

Author:

SergeyBiryukov

Message:

Login and Registration: Check that the $_POST values are strings in wp_signon().

This prevents a fatal error from trim() via wp_authenticate() if an array is passed instead.

Follow-up to [6643], [58093].

Props leedxw, audrasjb, SergeyBiryukov.
Fixes #62794.

File:

• trunk/src/wp-includes/user.php (modified) (1 diff)

trunk/src/wp-includes/user.php

@@ -49 +49 @@
         );
 
-        if ( ! empty( $_POST['log'] ) ) {
+        if ( ! empty( $_POST['log'] ) && is_string( $_POST['log'] ) ) {
             $credentials['user_login'] = wp_unslash( $_POST['log'] );
         }
-        if ( ! empty( $_POST['pwd'] ) ) {
+        if ( ! empty( $_POST['pwd'] ) && is_string( $_POST['pwd'] ) ) {
             $credentials['user_password'] = $_POST['pwd'];
         }