
Changeset 3630


Timestamp:
03/07/2006 07:06:43 AM (18 years ago)
Author:
ryan
Message:

Sanitize user_login in register form

File:
1 edited

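--- a/branches/2.0/wp-register.php
+++ b/branches/2.0/wp-register.php
@@ -26,8 +26,11 @@
     } else if (!is_email($user_email)) {
         $errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.');
+        $user_email = '';
     }
 
-    if ( ! validate_username($user_login) )
+    if ( ! validate_username($user_login) ) {
         $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
+        $user_login = '';
+    }
 
     if ( username_exists( $user_login ) )
@@ -68,7 +71,7 @@
 <div id="login">
     <h2><?php _e('Registration Complete') ?></h2>
-    <p><?php printf(__('Username: %s'), "<strong>$user_login</strong>") ?><br />
+    <p><?php printf(__('Username: %s'), "<strong>" . wp_specialchars($user_login) . "</strong>") ?><br />
     <?php printf(__('Password: %s'), '<strong>' . __('emailed to you') . '</strong>') ?> <br />
-    <?php printf(__('E-mail: %s'), "<strong>$user_email</strong>") ?></p>
+    <?php printf(__('E-mail: %s'), "<strong>" . wp_specialchars($user_email) . "</strong>") ?></p>
     <p class="submit"><a href="wp-login.php"><?php _e('Login'); ?> &raquo;</a></p>
 </div>
@@ -111,6 +114,6 @@
 <form method="post" action="wp-register.php" id="registerform">
     <p><input type="hidden" name="action" value="register" />
-    <label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo $user_login; ?>" /><br /></p>
-    <p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo $user_email; ?>" /></p>
+    <label for="user_login"><?php _e('Username:') ?></label><br /> <input type="text" name="user_login" id="user_login" size="20" maxlength="20" value="<?php echo wp_specialchars($user_login); ?>" /><br /></p>
+    <p><label for="user_email"><?php _e('E-mail:') ?></label><br /> <input type="text" name="user_email" id="user_email" size="25" maxlength="100" value="<?php echo wp_specialchars($user_email); ?>" /></p>
     <p><?php _e('A password will be emailed to you.') ?></p>
     <p class="submit"><input type="submit" value="<?php _e('Register') ?> &raquo;" id="submit" name="submit" /></p>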
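Review bot: In the register form (new lines 116–117) both values are echoed inside double-quoted `value="…"` attributes, but `wp_specialchars()` is called without its quotes argument; as far as I recall its default on this branch encodes only `&`, `<` and `>`, which should be confirmed in the formatting functions. If so, the attribute context is protected only by the blanking of `$user_login` and `$user_email` on failed validation, and these hunks do not show whether every path to the form passes through those checks. I would escape for the attribute context directly, `value="<?php echo wp_specialchars($user_login, 1); ?>"`, and the same for `$user_email`. The two text-node uses in the "Registration Complete" block (new lines 73 and 75) are fine as written.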