[3.2.2] Do not esc_ credentials before auth or register #1575

Could possibly have if the user is created by the widget, they can login only via the widget and visa versa.
2012-10-15 14:08:33 +02:00 · 2012-10-15 14:08:33 +02:00 · c75e044399
parent 135b8ace58
commit c75e044399
2 changed files with 9 additions and 9 deletions
--- a/woocommerce-ajax.php
+++ b/woocommerce-ajax.php
@ -26,10 +26,10 @@ function woocommerce_sidebar_login_ajax_process() {

 	// Get post data
 	$creds = array();
-	$creds['user_login'] 	= esc_attr( $_REQUEST['user_login'] );
-	$creds['user_password'] = esc_attr( $_REQUEST['user_password'] );
+	$creds['user_login'] 	= $_REQUEST['user_login'];
+	$creds['user_password'] = $_REQUEST['user_password'];
 	$creds['remember'] 		= 'forever';
-	$redirect_to 			= esc_attr( $_REQUEST['redirect_to'] );
+	$redirect_to 			= esc_url( $_REQUEST['redirect_to'] );

 	// Check for Secure Cookie
 	$secure_cookie = '';
--- a/woocommerce-functions.php
+++ b/woocommerce-functions.php
@ -555,8 +555,8 @@ function woocommerce_process_login() {
 		if ($woocommerce->error_count()==0) :

 			$creds = array();
-			$creds['user_login'] 	= esc_attr($_POST['username']);
-			$creds['user_password'] = esc_attr($_POST['password']);
+			$creds['user_login'] 	= $_POST['username'];
+			$creds['user_password'] = $_POST['password'];
 			$creds['remember'] = true;
 			$secure_cookie = is_ssl() ? true : false;
 			$user = wp_signon( $creds, $secure_cookie );
@ -599,14 +599,14 @@ function woocommerce_process_registration() {
 		$woocommerce->verify_nonce('register');

 		// Get fields
-		$user_email 			= isset( $_POST['email'] ) ? esc_attr( trim( $_POST['email'] ) ) : '';
-		$password				= isset( $_POST['password'] ) ? esc_attr( trim( $_POST['password'] ) ) : '';
-		$password2 				= isset( $_POST['password2'] ) ? esc_attr( trim( $_POST['password2'] ) ) : '';
+		$user_email 			= isset( $_POST['email'] ) ? trim( $_POST['email'] ) : '';
+		$password				= isset( $_POST['password'] ) ? trim( $_POST['password'] ) : '';
+		$password2 				= isset( $_POST['password2'] ) ? trim( $_POST['password2'] ) : '';
 		$user_email 			= apply_filters( 'user_registration_email', $user_email );

 		if ( get_option( 'woocommerce_registration_email_for_username' ) == 'no' ) {

-			$username 				= isset( $_POST['username'] ) ? esc_attr( trim( $_POST['username'] ) ) : '';
+			$username 				= isset( $_POST['username'] ) ? trim( $_POST['username'] ) : '';
 			$sanitized_user_login 	= sanitize_user( $username );

 			// Check the username