Login and Registration: Remove redundant escaping in `wp-login.php`.
* `$user_login` in the `login` action is already escaped on output. * `$user_login` and `$user_email` in the `register` action are already unslashed a few lines above. Follow-up to [3120], [4339], [8454], [11104], [23416], [23554], [23594], [46640]. Props johnjamesjacoby, rajinsharwar, narenin. Fixes #55335. Built from https://develop.svn.wordpress.org/trunk@58623 git-svn-id: http://core.svn.wordpress.org/trunk@58056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
b048f2a054
commit
144cc650b9
|
@ -16,7 +16,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '6.7-alpha-58618';
|
$wp_version = '6.7-alpha-58623';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
|
@ -1160,11 +1160,11 @@ switch ( $action ) {
|
||||||
<form name="registerform" id="registerform" action="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?>" method="post" novalidate="novalidate">
|
<form name="registerform" id="registerform" action="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?>" method="post" novalidate="novalidate">
|
||||||
<p>
|
<p>
|
||||||
<label for="user_login"><?php _e( 'Username' ); ?></label>
|
<label for="user_login"><?php _e( 'Username' ); ?></label>
|
||||||
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( wp_unslash( $user_login ) ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
|
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<label for="user_email"><?php _e( 'Email' ); ?></label>
|
<label for="user_email"><?php _e( 'Email' ); ?></label>
|
||||||
<input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" autocomplete="email" required="required" />
|
<input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( $user_email ); ?>" size="25" autocomplete="email" required="required" />
|
||||||
</p>
|
</p>
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
@ -1482,7 +1482,7 @@ switch ( $action ) {
|
||||||
login_header( __( 'Log In' ), '', $errors );
|
login_header( __( 'Log In' ), '', $errors );
|
||||||
|
|
||||||
if ( isset( $_POST['log'] ) ) {
|
if ( isset( $_POST['log'] ) ) {
|
||||||
$user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
|
$user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? wp_unslash( $_POST['log'] ) : '';
|
||||||
}
|
}
|
||||||
|
|
||||||
$rememberme = ! empty( $_POST['rememberme'] );
|
$rememberme = ! empty( $_POST['rememberme'] );
|
||||||
|
|
Loading…
Reference in New Issue