Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-10 21:00:59 +01:00
Code Issues Projects Releases Wiki Activity

Login and Registration: Remove redundant escaping in wp-login.php.

Browse Source 
* `$user_login` in the `login` action is already escaped on output.
* `$user_login` and `$user_email` in the `register` action are already unslashed a few lines above.

Follow-up to [3120], [4339], [8454], [11104], [23416], [23554], [23594], [46640].

Props johnjamesjacoby, rajinsharwar, narenin.
Fixes #55335.
Built from https://develop.svn.wordpress.org/trunk@58623


git-svn-id: http://core.svn.wordpress.org/trunk@58056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2024-07-02 17:46:15 +00:00
parent b048f2a054
commit 144cc650b9
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/version.php
View File

@ -16,7 +16,7 @@
*
* @global string $wp_version
*/
$wp_version = '6.7-alpha-58618';
$wp_version = '6.7-alpha-58623';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

6
wp-login.php
View File

@ -1160,11 +1160,11 @@ switch ( $action ) {
<form name="registerform" id="registerform" action="<?php echo esc_url( site_url( 'wp-login.php?action=register', 'login_post' ) ); ?>" method="post" novalidate="novalidate">
<p>
<label for="user_login"><?php _e( 'Username' ); ?></label>
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( wp_unslash( $user_login ) ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
<input type="text" name="user_login" id="user_login" class="input" value="<?php echo esc_attr( $user_login ); ?>" size="20" autocapitalize="off" autocomplete="username" required="required" />
</p>
<p>
<label for="user_email"><?php _e( 'Email' ); ?></label>
<input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( wp_unslash( $user_email ) ); ?>" size="25" autocomplete="email" required="required" />
<input type="email" name="user_email" id="user_email" class="input" value="<?php echo esc_attr( $user_email ); ?>" size="25" autocomplete="email" required="required" />
</p>
<?php
@ -1482,7 +1482,7 @@ switch ( $action ) {
login_header( __( 'Log In' ), '', $errors );
if ( isset( $_POST['log'] ) ) {
$user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
$user_login = ( 'incorrect_password' === $errors->get_error_code() || 'empty_password' === $errors->get_error_code() ) ? wp_unslash( $_POST['log'] ) : '';
}
$rememberme = ! empty( $_POST['rememberme'] );