security fix

This commit is contained in:
Mike Jolley 2012-01-18 17:19:04 +00:00
parent 197b629307
commit ef0ce00090
2 changed files with 10 additions and 9 deletions


@ -40,11 +40,11 @@
<p class="form-row form-row-first">
<label for="reg_username"><?php _e('Username', 'woocommerce'); ?> <span class="required">*</span></label>
<input type="text" class="input-text" name="username" id="reg_username" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" />
<input type="text" class="input-text" name="username" id="reg_username" value="<?php if (isset($_POST['username'])) echo esc_attr($_POST['username']); ?>" />
</p>
<p class="form-row form-row-last">
<label for="reg_email"><?php _e('Email', 'woocommerce'); ?> <span class="required">*</span></label>
<input type="email" class="input-text" name="email" id="reg_email" <?php if (isset($_POST['email'])) echo $_POST['email']; ?> />
<input type="email" class="input-text" name="email" id="reg_email" <?php if (isset($_POST['email'])) echo esc_attr($_POST['email']); ?> />
</p>
<div class="clear"></div>
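Review bot: The email field on the new line still echoes the submitted value in attribute-name position rather than inside `value="…"`, so the context esc_attr() is designed for (a quoted attribute value) does not match where the output actually lands, and the address is never repopulated in the field. The username input a few lines above shows the intended shape; the email line should read `<input type="email" class="input-text" name="email" id="reg_email" value="<?php if (isset($_POST['email'])) echo esc_attr($_POST['email']); ?>" />`. This is a template fragment, so the enclosing form markup starts and ends outside the hunk.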


@ -494,8 +494,8 @@ function woocommerce_process_login() {
if ($woocommerce->error_count()==0) :
$creds = array();
$creds['user_login'] = $_POST['username'];
$creds['user_password'] = $_POST['password'];
$creds['user_login'] = esc_attr($_POST['username']);
$creds['user_password'] = esc_attr($_POST['password']);
$creds['remember'] = true;
$secure_cookie = is_ssl() ? true : false;
$user = wp_signon( $creds, $secure_cookie );
@ -553,17 +553,18 @@ function woocommerce_process_registration() {
$woocommerce->verify_nonce('register');
// Get fields
$sanitized_user_login = (isset($_POST['username'])) ? sanitize_user(trim($_POST['username'])) : '';
$user_email = (isset($_POST['email'])) ? esc_attr(trim($_POST['email'])) : '';
$password = (isset($_POST['password'])) ? esc_attr(trim($_POST['password'])) : '';
$password2 = (isset($_POST['password2'])) ? esc_attr(trim($_POST['password2'])) : '';
$username = (isset($_POST['username'])) ? esc_attr(trim($_POST['username'])) : '';
$sanitized_user_login = sanitize_user($username);
$user_email = (isset($_POST['email'])) ? esc_attr(trim($_POST['email'])) : '';
$password = (isset($_POST['password'])) ? esc_attr(trim($_POST['password'])) : '';
$password2 = (isset($_POST['password2'])) ? esc_attr(trim($_POST['password2'])) : '';
$user_email = apply_filters( 'user_registration_email', $user_email );
// Check the username
if ( $sanitized_user_login == '' ) {
$woocommerce->add_error( '<strong>' . __('ERROR', 'woocommerce') . '</strong>: ' . __( 'Please enter a username.', 'woocommerce' ) );
} elseif ( ! validate_username( $_POST['username'] ) ) {
} elseif ( ! validate_username( $username ) ) {
$woocommerce->add_error( '<strong>' . __('ERROR', 'woocommerce') . '</strong>: ' . __( 'This username is invalid because it uses illegal characters. Please enter a valid username.', 'woocommerce' ) );
$sanitized_user_login = '';
} elseif ( username_exists( $sanitized_user_login ) ) {
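Review bot: esc_attr() is an HTML output escape, and applying it to the password on the login line `$creds['user_password'] = esc_attr($_POST['password']);` (and likewise to $password and $password2 in the registration hunk) rewrites any `&`, `<`, `>`, `"` or `'` in the submitted password into an entity before wp_signon() compares it against the stored hash, so a password containing those characters that was set through any other WordPress path will no longer verify, and registration stores the escaped form rather than what the user typed. Escaping belongs where a value is rendered, not at the credential boundary, so the login lines should pass the raw password and leave the username to the dedicated sanitizer: `$creds['user_login'] = sanitize_user($_POST['username']);` and `$creds['user_password'] = $_POST['password'];`. A related mismatch in the registration hunk is that validate_username() is run on the esc_attr()'d $username while the existence check on the last line uses $sanitized_user_login, so the string that is validated is not the one that is checked and presumably stored. The bodies of woocommerce_process_login() and woocommerce_process_registration() both extend outside the hunks shown.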