Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do not sanitize passwords 

Closes #11473
@claudiosmweb
This commit is contained in:
Mike Jolley 2016-07-19 16:43:15 +01:00
parent bf93f747c2
commit e5634c6946
2 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
includes/abstracts/abstract-wc-settings-api.php
View File

@ -815,9 +815,7 @@ abstract class WC_Settings_API {
}
/**
* Validate Password Field.
*
* Make sure the data is escaped correctly, etc.
* Validate Password Field. No input sanitization is used to avoid corrupting passwords.
*
* @param string $key
* @param string|null $value Posted Value
@ -825,7 +823,7 @@ abstract class WC_Settings_API {
*/
public function validate_password_field( $key, $value ) {
$value = is_null( $value ) ? '' : $value;
return wp_kses_post( trim( stripslashes( $value ) ) );
return trim( stripslashes( $value ) );
}
/**

2
includes/gateways/paypal/includes/settings-paypal.php
View File

@ -127,7 +127,7 @@ return array(
),
'api_password' => array(
'title' => __( 'API Password', 'woocommerce' ),
'type' => 'text',
'type' => 'password',
'description' => __( 'Get your API credentials from PayPal.', 'woocommerce' ),
'default' => '',
'desc_tip' => true,