Coding Standards: Improve escaping in `wp_login_form()`.
* Split long concatenated lines using `sprintf()`. This aims to improve readability and avoid multiple `esc_attr()` calls for the same value. * Escape the form `name` and `id` attributes. Follow-up to [12696], [18444], [19033]. Props sabbirshouvo, mukesh27, audrasjb, henry.wright, SergeyBiryukov. Fixes #54279. Built from https://develop.svn.wordpress.org/trunk@51926 git-svn-id: http://core.svn.wordpress.org/trunk@51519 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
e791d7f5db
commit
4152fbfdb2
|
@ -576,25 +576,50 @@ function wp_login_form( $args = array() ) {
|
||||||
*/
|
*/
|
||||||
$login_form_bottom = apply_filters( 'login_form_bottom', '', $args );
|
$login_form_bottom = apply_filters( 'login_form_bottom', '', $args );
|
||||||
|
|
||||||
$form = '
|
$form =
|
||||||
<form name="' . $args['form_id'] . '" id="' . $args['form_id'] . '" action="' . esc_url( site_url( 'wp-login.php', 'login_post' ) ) . '" method="post">
|
sprintf(
|
||||||
' . $login_form_top . '
|
'<form name="%1$s" id="%1$s" action="%2$s" method="post">',
|
||||||
<p class="login-username">
|
esc_attr( $args['form_id'] ),
|
||||||
<label for="' . esc_attr( $args['id_username'] ) . '">' . esc_html( $args['label_username'] ) . '</label>
|
esc_url( site_url( 'wp-login.php', 'login_post' ) )
|
||||||
<input type="text" name="log" id="' . esc_attr( $args['id_username'] ) . '" class="input" value="' . esc_attr( $args['value_username'] ) . '" size="20" />
|
) .
|
||||||
</p>
|
$login_form_top .
|
||||||
<p class="login-password">
|
sprintf(
|
||||||
<label for="' . esc_attr( $args['id_password'] ) . '">' . esc_html( $args['label_password'] ) . '</label>
|
'<p class="login-username">
|
||||||
<input type="password" name="pwd" id="' . esc_attr( $args['id_password'] ) . '" class="input" value="" size="20" />
|
<label for="%1$s">%2$s</label>
|
||||||
</p>
|
<input type="text" name="log" id="%1$s" class="input" value="%3$s" size="20" />
|
||||||
' . $login_form_middle . '
|
</p>',
|
||||||
' . ( $args['remember'] ? '<p class="login-remember"><label><input name="rememberme" type="checkbox" id="' . esc_attr( $args['id_remember'] ) . '" value="forever"' . ( $args['value_remember'] ? ' checked="checked"' : '' ) . ' /> ' . esc_html( $args['label_remember'] ) . '</label></p>' : '' ) . '
|
esc_attr( $args['id_username'] ),
|
||||||
<p class="login-submit">
|
esc_html( $args['label_username'] ),
|
||||||
<input type="submit" name="wp-submit" id="' . esc_attr( $args['id_submit'] ) . '" class="button button-primary" value="' . esc_attr( $args['label_log_in'] ) . '" />
|
esc_attr( $args['value_username'] )
|
||||||
<input type="hidden" name="redirect_to" value="' . esc_url( $args['redirect'] ) . '" />
|
) .
|
||||||
</p>
|
sprintf(
|
||||||
' . $login_form_bottom . '
|
'<p class="login-password">
|
||||||
</form>';
|
<label for="%1$s">%2$s</label>
|
||||||
|
<input type="password" name="pwd" id="%1$s" class="input" value="" size="20" />
|
||||||
|
</p>',
|
||||||
|
esc_attr( $args['id_password'] ),
|
||||||
|
esc_html( $args['label_password'] )
|
||||||
|
) .
|
||||||
|
$login_form_middle .
|
||||||
|
( $args['remember'] ?
|
||||||
|
sprintf(
|
||||||
|
'<p class="login-remember"><label><input name="rememberme" type="checkbox" id="%1$s" value="forever"%2$s /> %3$s</label></p>',
|
||||||
|
esc_attr( $args['id_remember'] ),
|
||||||
|
( $args['value_remember'] ? ' checked="checked"' : '' ),
|
||||||
|
esc_html( $args['label_remember'] )
|
||||||
|
) : ''
|
||||||
|
) .
|
||||||
|
sprintf(
|
||||||
|
'<p class="login-submit">
|
||||||
|
<input type="submit" name="wp-submit" id="%1$s" class="button button-primary" value="%2$s" />
|
||||||
|
<input type="hidden" name="redirect_to" value="%3$s" />
|
||||||
|
</p>',
|
||||||
|
esc_attr( $args['id_submit'] ),
|
||||||
|
esc_attr( $args['label_log_in'] ),
|
||||||
|
esc_url( $args['redirect'] )
|
||||||
|
) .
|
||||||
|
$login_form_bottom .
|
||||||
|
'</form>';
|
||||||
|
|
||||||
if ( $args['echo'] ) {
|
if ( $args['echo'] ) {
|
||||||
echo $form;
|
echo $form;
|
||||||
|
|
|
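Review bot: The filter results `$login_form_top`, `$login_form_middle` and `$login_form_bottom` are still concatenated into `$form` unescaped, so after this change they are the only values in the expression that reach the page as raw markup. That looks intentional, since the `login_form_bottom` filter visible at the top of the hunk is meant to return HTML, but nothing in the code says so, and the new `esc_attr()` on `form_id` can give the impression that the whole form is now escaped. I would add a comment above `$form =` such as `// Filtered markup is output as-is; callbacks on the login_form_* filters must escape what they return.` The assignments of `$login_form_top` and `$login_form_middle` are outside the hunk, so I am assuming they come from matching filters. The body of `wp_login_form()` also starts and ends outside the hunk.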
@ -16,7 +16,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '5.9-alpha-51925';
|
$wp_version = '5.9-alpha-51926';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|