From 17d95a189bd43640a36f32c156860e24fdaa7c88 Mon Sep 17 00:00:00 2001 From: yuriinalivaiko Date: Tue, 4 Feb 2025 23:13:49 +0200 Subject: [PATCH] Task CU-86cxwy7ww - password sanitize has been changed to the standard WordPress one. --- includes/core/class-account.php | 16 +++++++++++++++- includes/core/class-form.php | 13 ++++++++++++- includes/core/class-password.php | 11 ++++++++++- 3 files changed, 37 insertions(+), 3 deletions(-) diff --git a/includes/core/class-account.php b/includes/core/class-account.php index 65df44e9..889c9704 100644 --- a/includes/core/class-account.php +++ b/includes/core/class-account.php @@ -348,7 +348,21 @@ if ( ! class_exists( 'um\core\Account' ) ) { if ( um_submitting_account_page() ) { - UM()->form()->post_form = wp_unslash( $_POST ); + $formdata = wp_unslash( $_POST ); + if ( isset( $_POST['user_password'] ) ) { + $formdata['user_password'] = trim( $_POST['user_password'] ); + } + if ( isset( $_POST['confirm_user_password'] ) ) { + $formdata['confirm_user_password'] = trim( $_POST['confirm_user_password'] ); + } + if ( isset( $_POST['current_user_password'] ) ) { + $formdata['current_user_password'] = trim( $_POST['current_user_password'] ); + } + if ( isset( $_POST['single_user_password'] ) ) { + $formdata['single_user_password'] = trim( $_POST['single_user_password'] ); + } + + UM()->form()->post_form = $formdata; /** * UM hook diff --git a/includes/core/class-form.php b/includes/core/class-form.php index 1cd407ed..0cdd0cc8 100644 --- a/includes/core/class-form.php +++ b/includes/core/class-form.php @@ -556,6 +556,17 @@ if ( ! class_exists( 'um\core\Form' ) ) { */ do_action( 'um_before_submit_form_post', $this ); + $formdata = wp_unslash( $_POST ); + if ( isset( $formdata['form_id'] ) ) { + $form_id = absint( $formdata['form_id'] ); + if ( isset( $_POST['user_password-' . $form_id] ) ) { + $formdata['user_password-' . $form_id] = trim( $_POST['user_password-' . $form_id] ); + } + if ( isset( $_POST['confirm_user_password-' . $form_id] ) ) { + $formdata['confirm_user_password-' . $form_id] = trim( $_POST['confirm_user_password-' . $form_id] ); + } + } + /* save entire form as global */ /** * Filters $_POST submitted data by the UM login, registration or profile form. @@ -574,7 +585,7 @@ if ( ! class_exists( 'um\core\Form' ) ) { * } * add_filter( 'um_submit_post_form', 'my_submit_post_form' ); */ - $this->post_form = apply_filters( 'um_submit_post_form', wp_unslash( $_POST ) ); + $this->post_form = apply_filters( 'um_submit_post_form', $formdata ); // Validate form submission by honeypot. if ( isset( $this->post_form[ UM()->honeypot ] ) && '' !== $this->post_form[ UM()->honeypot ] ) { diff --git a/includes/core/class-password.php b/includes/core/class-password.php index 7a02d7fa..07a3d5ac 100644 --- a/includes/core/class-password.php +++ b/includes/core/class-password.php @@ -337,7 +337,16 @@ if ( ! class_exists( 'um\core\Password' ) ) { } if ( $this->is_change_request() ) { - UM()->form()->post_form = wp_unslash( $_POST ); + + $formdata = wp_unslash( $_POST ); + if ( isset( $_POST['user_password'] ) ) { + $formdata['user_password'] = trim( $_POST['user_password'] ); + } + if ( isset( $_POST['confirm_user_password'] ) ) { + $formdata['confirm_user_password'] = trim( $_POST['confirm_user_password'] ); + } + + UM()->form()->post_form = $formdata; /** * UM hook