Index: wp-login.php =================================================================== --- wp-login.php (revision 23539) +++ wp-login.php (working copy) @@ -399,7 +399,7 @@ } // 10 days - setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( wp_unslash( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); + setcookie( 'wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword( stripslashes( $_POST['post_password'] ) ), time() + 10 * DAY_IN_SECONDS, COOKIEPATH ); wp_safe_redirect( wp_get_referer() ); exit(); @@ -434,7 +434,7 @@ do_action('lost_password'); login_header(__('Lost Password'), '
', $errors); - $user_login = isset($_POST['user_login']) ? wp_unslash($_POST['user_login']) : ''; + $user_login = isset($_POST['user_login']) ? stripslashes($_POST['user_login']) : ''; ?> @@ -533,8 +533,8 @@ $user_login = ''; $user_email = ''; if ( $http_post ) { - $user_login = wp_unslash( $_POST['user_login'] ); - $user_email = wp_unslash( $_POST['user_email'] ); + $user_login = $_POST['user_login']; + $user_email = $_POST['user_email']; $errors = register_new_user($user_login, $user_email); if ( !is_wp_error($errors) ) { $redirect_to = !empty( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : 'wp-login.php?checkemail=registered'; @@ -550,11 +550,11 @@