Changeset 12075 for sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/login.php

Timestamp:

09/20/2022 06:25:36 AM (3 years ago)

Author:

dd32

Message:

Login: Check the data type of the passed data, this prevents PHP Notices when junk input is provided to the public login/register forms.

File:

• sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/login.php (modified) (1 diff)

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/login.php

@@ -10 +10 @@
 // Prefill the username if possible.
 $username = $_REQUEST['user'] ?? ( wp_parse_auth_cookie()['username'] ?? '' );
+if ( ! is_string( $username ) ) {
+    $username = '';
+}
 
 // Redirect is validated at redirect time, just pass through whatever we can.
-if ( !empty( $_REQUEST['redirect_to'] ) ) {
+if ( ! empty( $_REQUEST['redirect_to'] ) ) {
     $redirect = wp_unslash( $_REQUEST['redirect_to'] );
 } elseif ( $referer = wp_get_referer() ) {