When adding a new user in the admin, strip slashes from the password sent to the user by email. props hakre for initial patch. fixes #17018.
git-svn-id: https://develop.svn.wordpress.org/trunk@23634 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
3213c4ca46
commit
7e7cf2bb94
|
@ -44,9 +44,9 @@ function edit_user( $user_id = 0 ) {
|
||||||
|
|
||||||
$pass1 = $pass2 = '';
|
$pass1 = $pass2 = '';
|
||||||
if ( isset( $_POST['pass1'] ))
|
if ( isset( $_POST['pass1'] ))
|
||||||
$pass1 = $_POST['pass1'];
|
$pass1 = wp_unslash( $_POST['pass1'] );
|
||||||
if ( isset( $_POST['pass2'] ))
|
if ( isset( $_POST['pass2'] ))
|
||||||
$pass2 = $_POST['pass2'];
|
$pass2 = wp_unslash( $_POST['pass2'] );
|
||||||
|
|
||||||
if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
|
if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
|
||||||
$new_role = sanitize_text_field( $_POST['role'] );
|
$new_role = sanitize_text_field( $_POST['role'] );
|
||||||
|
|
Loading…
Reference in New Issue