Changeset 11073 for sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

Timestamp:

06/29/2021 03:33:09 AM (5 years ago)

Author:

dd32

Message:

Login: Properly URL encode parameters before passing them in the URI for internal REST API requests.

This avoids PHP Notices when bots attempt to create accounts with linebreaks in the fields.

File:

• sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php (modified) (1 diff)

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php

@@ -367 +367 @@
     ) {
         // Validate the email
-        $error_user_email = rest_do_request( new WP_REST_Request( 'GET', '/wporg/v1/email-in-use/' . $new_email ) );
+        $error_user_email = rest_do_request( new WP_REST_Request( 'GET', '/wporg/v1/email-in-use/' . urlencode( $new_email ) ) );
         if ( $error_user_email->get_data()['available'] ) {
             // Change their email, resend confirmation.