mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-17 13:43:38 +09:00
Refactor password handling to bypass wp_unslash.
Introduce a dedicated method to handle password fields securely, avoiding `wp_unslash` for these fields. This enhances consistency and security when processing form data across the plugin.
This commit is contained in:
@@ -339,12 +339,13 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
if ( $this->is_change_request() ) {
|
||||
|
||||
$formdata = wp_unslash( $_POST );
|
||||
if ( isset( $_POST['user_password'] ) ) {
|
||||
$formdata['user_password'] = trim( $_POST['user_password'] );
|
||||
}
|
||||
if ( isset( $_POST['confirm_user_password'] ) ) {
|
||||
$formdata['confirm_user_password'] = trim( $_POST['confirm_user_password'] );
|
||||
}
|
||||
|
||||
// Don't un-slash passwords in manner of WordPress native password field.
|
||||
$fields_map = array(
|
||||
'user_password',
|
||||
'confirm_user_password',
|
||||
);
|
||||
$formdata = UM()->form()::ignore_formdata_unslash( $formdata, $fields_map );
|
||||
|
||||
UM()->form()->post_form = $formdata;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user