Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
09/27/2017 09:56:42 AM (7 years ago)
Author:
djpaul
Message:

Core: strip slashes from passwords before checking for backslashes.

Fixes #7594

Props JohnPBloch

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-settings/bp-settings-actions.php

    r11697 r11704  
    136136        if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) {
    137137
    138             if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . $_POST['pass1'], "\\" ) ) {
     138            if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . wp_unslash( $_POST['pass1'] ), "\\" ) ) {
    139139
    140140                // Password change attempt is successful.
Note: See TracChangeset for help on using the changeset viewer.