vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 14:20:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

During password reset, user-submitted login/email should be stripslashed.

Browse Source 
This prevents errors when an email address contains an apostrophe. See [29966]
for similar treatment of a related problem.

Props dcavins.
Fixes #36322.

git-svn-id: https://develop.svn.wordpress.org/trunk@37474 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Boone Gorges
2016-05-20 19:20:44 +00:00
parent e7c3dda9e9
commit 91f18f3d45
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-login.php
View File

@@ -294,7 +294,7 @@ function retrieve_password() {
if ( empty( $_POST['user_login'] ) ) {
$errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or email address.'));
} elseif ( strpos( $_POST['user_login'], '@' ) ) {
$user_data = get_user_by( 'email', trim( $_POST['user_login'] ) );
$user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
if ( empty( $user_data ) )
$errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
} else {