From a87271af60113d46ab3866b1e525a1817bce742d Mon Sep 17 00:00:00 2001
From: whyisjake
Date: Sun, 3 Nov 2019 20:12:02 +0000
Subject: [PATCH] Login and Registration: Allow email logins to be more flexible.
Allows a login to have an apostorphe. Which would normally be created as a mistake, but this allows the login to happen.
Fixes #38744
Props wpkuf, desrosj, socalchristina, bibliofille, santilinwp, nsubugak, sncoker, cafenoirdesign, whyisjake.
Built from https://develop.svn.wordpress.org/trunk@46640
git-svn-id: http://core.svn.wordpress.org/trunk@46440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/user.php | 2 +-
 wp-includes/user.php | 2 +-
 wp-includes/version.php | 2 +-
 wp-login.php | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index e4af0548d9..20fbcd851f 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -41,7 +41,7 @@ function edit_user( $user_id = 0 ) {
 }
 if ( ! $update && isset( $_POST['user_login'] ) ) {
- $user->user_login = sanitize_user( $_POST['user_login'], true );
+ $user->user_login = sanitize_user( wp_unslash( $_POST['user_login'] ), true );
 }
 $pass1 = '';
diff --git a/wp-includes/user.php b/wp-includes/user.php
index 505048e57a..44b802b5fa 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -35,7 +35,7 @@ function wp_signon( $credentials = array(), $secure_cookie = '' ) {
 $credentials = array(); // Back-compat for plugins passing an empty string.
 if ( ! empty( $_POST['log'] ) ) {
- $credentials['user_login'] = $_POST['log'];
+ $credentials['user_login'] = wp_unslash( $_POST['log'] );
 }
 if ( ! empty( $_POST['pwd'] ) ) {
 $credentials['user_password'] = $_POST['pwd'];
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 5b775d82e0..5b0d0db53a 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
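Review bot: `isset( $_POST['user_login'] )` in the edit_user() hunk does not guarantee a string, and `wp_unslash()` accepts arrays and returns them unslashed, so a parameter submitted as an array is still handed to `sanitize_user()`. The same gap is in the wp_signon() hunk in wp-includes/user.php and in the `log` hunk of wp-login.php, where `! empty( $_POST['log'] )` is the only guard; only the registration hunk in wp-login.php checks `is_string()`. Since the commit touches each of these reads, the guard could be made uniform, e.g. `if ( ! $update && isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {`. What sanitize_user() does with a non-string is not visible here and should be confirmed; edit_user() starts and ends outside the hunk.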
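Review bot: After this change wp_signon() unslashes `$_POST['log']` but still copies `$_POST['pwd']` verbatim two lines below, and nothing in the hunk says whether that asymmetry is deliberate. If the password is kept slashed on purpose, presumably so that it keeps matching hashes created from the slashed value, a comment should say so; otherwise a later cleanup may unslash it and lock out users whose passwords contain quotes or backslashes. Suggested comment above the `pwd` assignment: `// Deliberately not unslashed: must match how the password was hashed.` That assumption needs confirming against the code that sets passwords, and wp_signon() continues outside the hunk.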
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.4-alpha-46638';
+$wp_version = '5.4-alpha-46640';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-login.php b/wp-login.php
index ee0e212e2c..ff70d59492 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -1032,7 +1032,7 @@ switch ( $action ) {
 if ( $http_post ) {
 if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
- $user_login = $_POST['user_login'];
+ $user_login = wp_unslash( $_POST['user_login'] );
 }
 if ( isset( $_POST['user_email'] ) && is_string( $_POST['user_email'] ) ) {
@@ -1150,7 +1150,7 @@ switch ( $action ) {
 // If the user wants SSL but the session is not SSL, force a secure cookie.
 if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) {
- $user_name = sanitize_user( $_POST['log'] );
+ $user_name = sanitize_user( wp_unslash( $_POST['log'] ) );
 $user = get_user_by( 'login', $user_name );
 if ( ! $user && strpos( $user_name, '@' ) ) {