From eb2356983583207b168f06f3440bacf2f495e670 Mon Sep 17 00:00:00 2001 From: Scott Taylor Date: Wed, 11 Jun 2014 19:53:25 +0000 Subject: [PATCH] Don't use variable variables in `user-new.php`. Test by causing errors when creating a new user. See #27881. git-svn-id: https://develop.svn.wordpress.org/trunk@28745 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/user-new.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/wp-admin/user-new.php b/src/wp-admin/user-new.php index 9c8e9ea763..04cd108050 100644 --- a/src/wp-admin/user-new.php +++ b/src/wp-admin/user-new.php @@ -339,16 +339,16 @@ if ( current_user_can( 'create_users') ) { 'login', 'first_name' => 'firstname', 'last_name' => 'lastname', - 'email' => 'email', 'url' => 'uri', 'role' => 'role', 'send_password' => 'send_password', 'noconfirmation' => 'ignore_pass' ) as $post_field => $var ) { - $var = "new_user_$var"; - if( isset( $_POST['createuser'] ) ) { - if ( ! isset($$var) ) - $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : ''; - } else { - $$var = false; - } -} +$creating = isset( $_POST['createuser'] ); + +$new_user_login = $creating && isset( $_POST['user_login'] ) ? wp_unslash( $_POST['user_login'] ) : ''; +$new_user_firstname = $creating && isset( $_POST['first_name'] ) ? wp_unslash( $_POST['first_name'] ) : ''; +$new_user_lastname = $creating && isset( $_POST['last_name'] ) ? wp_unslash( $_POST['last_name'] ) : ''; +$new_user_email = $creating && isset( $_POST['email'] ) ? wp_unslash( $_POST['email'] ) : ''; +$new_user_uri = $creating && isset( $_POST['url'] ) ? wp_unslash( $_POST['url'] ) : ''; +$new_user_role = $creating && isset( $_POST['role'] ) ? wp_unslash( $_POST['role'] ) : ''; +$new_user_send_password = $creating && isset( $_POST['send_password'] ) ? wp_unslash( $_POST['send_password'] ) : ''; +$new_user_ignore_pass = $creating && isset( $_POST['noconfirmation'] ) ? wp_unslash( $_POST['noconfirmation'] ) : ''; ?>