From e49ffcfddd6b7be502ff8cb3c78eccadbdc49b61 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Tue, 25 Jun 2013 11:14:50 +0000 Subject: [PATCH] Revert to storing a hash of the slashed password. fixes #24367. see #17018. git-svn-id: https://develop.svn.wordpress.org/trunk@24508 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/includes/user.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php index bfd448f808..9e9d94494c 100644 --- a/wp-admin/includes/user.php +++ b/wp-admin/includes/user.php @@ -43,10 +43,10 @@ function edit_user( $user_id = 0 ) { $user->user_login = sanitize_user($_POST['user_login'], true); $pass1 = $pass2 = ''; - if ( isset( $_POST['pass1'] )) - $pass1 = wp_unslash( $_POST['pass1'] ); - if ( isset( $_POST['pass2'] )) - $pass2 = wp_unslash( $_POST['pass2'] ); + if ( isset( $_POST['pass1'] ) ) + $pass1 = $_POST['pass1']; + if ( isset( $_POST['pass2'] ) ) + $pass2 = $_POST['pass2']; if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) { $new_role = sanitize_text_field( $_POST['role'] ); @@ -124,7 +124,7 @@ function edit_user( $user_id = 0 ) { } /* Check for "\" in password */ - if ( false !== strpos( stripslashes($pass1), "\\" ) ) + if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) ) $errors->add( 'pass', __( 'ERROR: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) ); /* checking the password has been typed twice the same */ @@ -159,7 +159,7 @@ function edit_user( $user_id = 0 ) { $user_id = wp_update_user( $user ); } else { $user_id = wp_insert_user( $user ); - wp_new_user_notification( $user_id, isset( $_POST['send_password'] ) ? $pass1 : '' ); + wp_new_user_notification( $user_id, isset( $_POST['send_password'] ) ? wp_unslash( $pass1 ) : '' ); } return $user_id; }