Don't use variable variables in `user-new.php`. Test by causing errors when creating a new user.

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28745


git-svn-id: http://core.svn.wordpress.org/trunk@28559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor 2014-06-11 19:54:13 +00:00
parent fd838ccb2b
commit 9a286d75fd
1 changed files with 10 additions and 10 deletions

View File

@ -339,16 +339,16 @@ if ( current_user_can( 'create_users') ) {
<?php wp_nonce_field( 'create-user', '_wpnonce_create-user' ); ?>
<?php
// Load up the passed data, else set to a default.
foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_name' => 'lastname',
'email' => 'email', 'url' => 'uri', 'role' => 'role', 'send_password' => 'send_password', 'noconfirmation' => 'ignore_pass' ) as $post_field => $var ) {
$var = "new_user_$var";
if( isset( $_POST['createuser'] ) ) {
if ( ! isset($$var) )
$$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';
} else {
$$var = false;
}
}
$creating = isset( $_POST['createuser'] );
$new_user_login = $creating && isset( $_POST['user_login'] ) ? wp_unslash( $_POST['user_login'] ) : '';
$new_user_firstname = $creating && isset( $_POST['first_name'] ) ? wp_unslash( $_POST['first_name'] ) : '';
$new_user_lastname = $creating && isset( $_POST['last_name'] ) ? wp_unslash( $_POST['last_name'] ) : '';
$new_user_email = $creating && isset( $_POST['email'] ) ? wp_unslash( $_POST['email'] ) : '';
$new_user_uri = $creating && isset( $_POST['url'] ) ? wp_unslash( $_POST['url'] ) : '';
$new_user_role = $creating && isset( $_POST['role'] ) ? wp_unslash( $_POST['role'] ) : '';
$new_user_send_password = $creating && isset( $_POST['send_password'] ) ? wp_unslash( $_POST['send_password'] ) : '';
$new_user_ignore_pass = $creating && isset( $_POST['noconfirmation'] ) ? wp_unslash( $_POST['noconfirmation'] ) : '';
?>
<table class="form-table">