Make WordPress Core

Opened 21 months ago

Last modified 2 months ago

#55335 new defect (bug)

$user_login double escaped with incorrect/empty password in wp-login.php

Reported by: johnjamesjacoby's profile johnjamesjacoby Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords:
Focuses: Cc:

Description

First:

		if ( isset( $_POST['log'] ) ) {
			$user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
		}

Then:

<input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" />

Fix is to late escape only, and remove the top one.

Change History (6)

#1 @johnjamesjacoby
21 months ago

Relatedly, 'register' action is double wp_unslash()ing $user_email and $user_login.

#2 @rajinsharwar
4 months ago

  • Keywords needs-dev-note added
  • Milestone changed from Awaiting Review to 6.4

#3 @rajinsharwar
4 months ago

  • Milestone changed from 6.4 to Awaiting Review

#4 @rajinsharwar
4 months ago

Lets see what others think about it.

Last edited 2 months ago by rajinsharwar (previous) (diff)

#5 @rajinsharwar
2 months ago

  • Keywords needs-dev-note removed

This ticket was mentioned in Slack in #core by rajinsharwar. View the logs.


2 months ago

Note: See TracTickets for help on using tickets.