Login and Registration: Remove redundant escaping in `wp-login.php`.

* `$user_login` in the `login` action is already escaped on output.
* `$user_login` and `$user_email` in the `register` action are already unslashed a few lines above.

Follow-up to [3120], [4339], [8454], [11104], [23416], [23554], [23594], [46640].

Props johnjamesjacoby, rajinsharwar, narenin.
Fixes #55335.
Built from https://develop.svn.wordpress.org/trunk@58623


git-svn-id: http://core.svn.wordpress.org/trunk@58056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2024-07-02 17:46:15 +00:00
parent b048f2a054
commit 144cc650b9
2 changed files with 4 additions and 4 deletions

View File

@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.7-alpha-58618'; $wp_version = '6.7-alpha-58623';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

View File

@ -1160,11 +1160,11 @@ switch ( $action ) {
<form name="registerform" id="registerform" action="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?>" method="post" novalidate="novalidate"> <form name="registerform" id="registerform" action="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?>" method="post" novalidate="novalidate">
<p> <p>
<label for="user_login"><?php _e( 'Username' ); ?></label> <label for="user_login"><?php _e( 'Username' ); ?></label>
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( wp_unslash( $user_login ) ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" /> <input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
</p> </p>
<p> <p>
<label for="user_email"><?php _e( 'Email' ); ?></label> <label for="user_email"><?php _e( 'Email' ); ?></label>
<input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" autocomplete="email" required="required" /> <input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( $user_email ); ?>" size="25" autocomplete="email" required="required" />
</p> </p>
<?php <?php
@ -1482,7 +1482,7 @@ switch ( $action ) {
login_header( __( 'Log In' ), '', $errors ); login_header( __( 'Log In' ), '', $errors );
if ( isset( $_POST['log'] ) ) { if ( isset( $_POST['log'] ) ) {
$user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : ''; $user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? wp_unslash( $_POST['log'] ) : '';
} }
$rememberme = ! empty( $_POST['rememberme'] ); $rememberme = ! empty( $_POST['rememberme'] );