
Ticket #7594: 7594.patch

File 7594.patch, 682 bytes (added by JohnPBloch, 7 years ago)
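--- a/src/bp-settings/bp-settings-actions.php
+++ b/src/bp-settings/bp-settings-actions.php
@@ -135,7 +135,7 @@
 
                 if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) {
 
-                        if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . $_POST['pass1'], "\\" ) ) {
+                        if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . wp_unslash( $_POST['pass1'] ), "\\" ) ) {
 
                                 // Password change attempt is successful.
                                 if ( ( ! empty( $_POST['pwd'] ) && $_POST['pwd'] != $_POST['pass1'] ) || is_super_admin() )  {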
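Review bot: On new line 138 the confirmation check still uses loose `==`, so two different numeric-looking strings (for example `1e3` and `1000`) compare equal and a mistyped confirmation is accepted; the `!=` against `$_POST['pwd']` on line 141 has the same weakness. The unslashed value is also used only inside the backslash test, while every other use in the hunk still reads the raw `$_POST['pass1']`. I would unslash once and compare strictly: `$pass1 = wp_unslash( $_POST['pass1'] ); $pass2 = wp_unslash( $_POST['pass2'] );` followed by `if ( $pass1 === $pass2 && false === strpos( $pass1, '\\' ) ) {`. The block continues past the hunk, so whether the value that is eventually stored is slashed or unslashed cannot be confirmed from here and should be checked against how login verifies the password.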