
Changeset 11073


Timestamp:
06/29/2021 03:33:09 AM (3 years ago)
Author:
dd32
Message:

Login: Properly URL encode parameters before passing them in the URI for internal REST API requests.

This avoids PHP Notices when bots attempt to create accounts with linebreaks in the fields.

Location:
sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login
Files:
2 edited

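--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php
@@ -367,5 +367,5 @@
     ) {
         // Validate the email
-        $error_user_email = rest_do_request( new WP_REST_Request( 'GET', '/wporg/v1/email-in-use/' . $new_email ) );
+        $error_user_email = rest_do_request( new WP_REST_Request( 'GET', '/wporg/v1/email-in-use/' . urlencode( $new_email ) ) );
         if ( $error_user_email->get_data()['available'] ) {
             // Change their email, resend confirmation.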
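Review bot: The encoded value only round-trips if the `email-in-use` handler decodes its path parameter, which is not visible in this changeset; an internal `rest_do_request()` appears to match the route string exactly as given, without the URL decoding an HTTP request's path goes through, so every `@` would reach the callback as `%40` unless it calls `urldecode()` itself, and that should be confirmed. `urlencode()` additionally emits `+` for a space, which a `rawurldecode()` on the receiving side would leave as a literal plus, so `rawurlencode( $new_email )` is the unambiguous choice for a path segment whichever decoder the endpoint uses. The same applies to the `username-available` and `email-in-use` calls at register.php lines 26 and 31. A short why-comment would help the next reader, e.g. `// Encode: submitted values can contain line breaks or other reserved characters, which otherwise corrupt the route and raise notices.` The enclosing function starts and ends outside the hunk.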
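--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php
@@ -24,10 +24,10 @@
 if ( $_POST ) {
 
-    $error_user_login = rest_do_request( new WP_REST_Request( 'GET', '/wporg/v1/username-available/' . $user_login ) );
+    $error_user_login = rest_do_request( new WP_REST_Request( 'GET', '/wporg/v1/username-available/' . urlencode( $user_login ) ) );
     if ( $error_user_login->get_data()['available'] ) {
         $error_user_login = false;
     }
 
-    $error_user_email = rest_do_request( new WP_REST_Request( 'GET', '/wporg/v1/email-in-use/' . $user_email ) );
+    $error_user_email = rest_do_request( new WP_REST_Request( 'GET', '/wporg/v1/email-in-use/' . urlencode( $user_email ) ) );
     if ( $error_user_email->get_data()['available'] ) {
         $error_user_email = false;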