Revert to storing a hash of the slashed password. fixes #24367. see #17018.

git-svn-id: https://develop.svn.wordpress.org/trunk@24508 602fd350-edb4-49c9-b593-d223f7449a82
2013-06-25 11:14:50 +00:00 · 2013-06-25 11:14:50 +00:00 · e49ffcfddd
parent 6fc38f8160
commit e49ffcfddd
1 changed files with 6 additions and 6 deletions
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@ -43,10 +43,10 @@ function edit_user( $user_id = 0 ) {
 		$user->user_login = sanitize_user($_POST['user_login'], true);

 	$pass1 = $pass2 = '';
-	if ( isset( $_POST['pass1'] ))
-		$pass1 = wp_unslash( $_POST['pass1'] );
-	if ( isset( $_POST['pass2'] ))
-		$pass2 = wp_unslash( $_POST['pass2'] );
+	if ( isset( $_POST['pass1'] ) )
+		$pass1 = $_POST['pass1'];
+	if ( isset( $_POST['pass2'] ) )
+		$pass2 = $_POST['pass2'];

 	if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
 		$new_role = sanitize_text_field( $_POST['role'] );
@ -124,7 +124,7 @@ function edit_user( $user_id = 0 ) {
 	}

 	/* Check for "\" in password */
-	if ( false !== strpos( stripslashes($pass1), "\\" ) )
+	if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) )
 		$errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );

 	/* checking the password has been typed twice the same */
@ -159,7 +159,7 @@ function edit_user( $user_id = 0 ) {
 		$user_id = wp_update_user( $user );
 	} else {
 		$user_id = wp_insert_user( $user );
-		wp_new_user_notification( $user_id, isset( $_POST['send_password'] ) ? $pass1 : '' );
+		wp_new_user_notification( $user_id, isset( $_POST['send_password'] ) ? wp_unslash( $pass1 ) : '' );
 	}
 	return $user_id;
 }