Index: wp-login.php =================================================================== --- wp-login.php (revision 23403) +++ wp-login.php (working copy) @@ -396,7 +396,7 @@ } // 10 days - setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); + setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); wp_safe_redirect( wp_get_referer() ); exit(); @@ -431,7 +431,7 @@ do_action('lost_password'); login_header(__('Lost Password'), '
', $errors); - $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : ''; + $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : ''; ?> @@ -530,8 +530,8 @@ $user_login = ''; $user_email = ''; if ( $http_post ) { - $user_login = $_POST['user_login']; - $user_email = $_POST['user_email']; + $user_login = wp_unslash( $_POST['user_login'] ); + $user_email = wp_unslash( $_POST['user_email'] ); $errors = register_new_user($user_login, $user_email); if ( !is_wp_error($errors) ) { $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered'; @@ -547,11 +547,11 @@