Opened 15 months ago
Last modified 15 months ago
#55335 new defect (bug)
$user_login double escaped with incorrect/empty password in wp-login.php
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Login and Registration | Keywords: | |
| Focuses: | | Cc: | |
Description
First:

```php
if ( isset( $_POST['log'] ) ) {
	$user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
}
```

Then:

```php
<input type="text" name="log" id="user_login"<?php echo $aria_describedby_error; ?> class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" />
```

Fix is to late-escape only, and remove the top one.
Relatedly, the 'register' action is double `wp_unslash()`ing `$user_email` and `$user_login`.
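The following is an added example, not code from WordPress or from this ticket. It models both patterns discussed here, the early-plus-late `esc_attr()` in the description and the double `wp_unslash()` in the comment, with plain PHP so the effect of applying each transform twice is visible. It assumes `htmlspecialchars()` with `ENT_QUOTES` as a stand-in for `esc_attr()` (PHP's default re-encodes entities that are already present, whereas WordPress's `esc_attr()` leaves valid entities alone, so on real WordPress the double escape is mainly a maintenance hazard: the output line no longer tells the reviewer whether the value was already escaped) and `stripslashes()` as a stand-in for `wp_unslash()`; `render_login_field_double()`, `render_login_field_late()` and the `$post` array are constructed for the example.

```php
<?php
// Added example, not WordPress code. Stand-ins for the two WordPress helpers
// named in the ticket (assumptions, see lead-in).
function esc_attr_stub( string $text ): string {
	return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
}

function wp_unslash_stub( string $text ): string {
	return stripslashes( $text );
}

// Pattern the ticket reports: escape when the value is read from the request,
// then escape again when it is printed into the attribute.
function render_login_field_double( array $post, string $error_code ): string {
	$user_login = '';
	if ( isset( $post['log'] ) ) {
		$user_login = ( 'incorrect_password' === $error_code || 'empty_password' === $error_code )
			? esc_attr_stub( wp_unslash_stub( $post['log'] ) )
			: '';
	}
	return '<input type="text" name="log" id="user_login" value="'
		. esc_attr_stub( $user_login ) . '" />';
}

// Proposed fix: keep the unslashed value unescaped and escape once, at output.
function render_login_field_late( array $post, string $error_code ): string {
	$user_login = '';
	if ( isset( $post['log'] ) ) {
		$user_login = ( 'incorrect_password' === $error_code || 'empty_password' === $error_code )
			? wp_unslash_stub( $post['log'] )
			: '';
	}
	return '<input type="text" name="log" id="user_login" value="'
		. esc_attr_stub( $user_login ) . '" />';
}

// Constructed request data. WordPress adds slashes to $_POST, so a submitted
// login of   o'brien \ <co>   arrives as the slashed string below.
$post = array( 'log' => "o\\'brien \\\\ <co>" );

echo render_login_field_double( $post, 'incorrect_password' ), PHP_EOL;
echo render_login_field_late( $post, 'incorrect_password' ), PHP_EOL;

// Double unslash, as the comment reports for the 'register' action: the first
// stripslashes() restores the submitted value, the second one removes the
// backslash the user actually typed.
$once  = wp_unslash_stub( $post['log'] );
$twice = wp_unslash_stub( $once );
echo $once, PHP_EOL;
echo $twice, PHP_EOL;
```

Running it shows the double-escaped attribute carrying `&amp;#039;` and `&amp;lt;` where the late-escaped one carries `&#039;` and `&lt;`, and the twice-unslashed login losing its backslash. Both cases are the same lesson: unslash and escape are each applied exactly once, unslash when reading input and escape when writing output, so the value in between is the user's actual data.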