From af13de140affb856ecc9b0664c5fed9ff16fc4cb Mon Sep 17 00:00:00 2001 From: Nikita Sinelnikov Date: Mon, 24 Oct 2022 16:22:04 +0300 Subject: [PATCH] - fixed using "'" symbols in emails. There is possible to register with it and login after that. Closed #1059; --- includes/core/class-form.php | 2 +- includes/core/class-user.php | 2 +- includes/core/um-actions-form.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/includes/core/class-form.php b/includes/core/class-form.php index 6a529bbe..d6494d9b 100644 --- a/includes/core/class-form.php +++ b/includes/core/class-form.php @@ -445,7 +445,7 @@ if ( ! class_exists( 'um\core\Form' ) ) { * } * ?> */ - $this->post_form = apply_filters( 'um_submit_post_form', $_POST ); + $this->post_form = apply_filters( 'um_submit_post_form', wp_unslash( $_POST ) ); if ( isset( $this->post_form[ UM()->honeypot ] ) && '' !== $this->post_form[ UM()->honeypot ] ) { wp_die( esc_html__( 'Hello, spam bot!', 'ultimate-member' ) ); diff --git a/includes/core/class-user.php b/includes/core/class-user.php index b2795d78..fae8e09d 100644 --- a/includes/core/class-user.php +++ b/includes/core/class-user.php @@ -2107,7 +2107,7 @@ if ( ! class_exists( 'um\core\User' ) ) { update_user_meta( $this->id, $key, $value ); } } else { - $args[ $key ] = esc_attr( $changes[ $key ] ); + $args[ $key ] = $changes[ $key ]; } } diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php index 1aefd617..61531d60 100644 --- a/includes/core/um-actions-form.php +++ b/includes/core/um-actions-form.php @@ -806,7 +806,7 @@ function um_submit_form_errors_hook_( $args ) { $args['user_id'] = um_get_requested_user(); } - $email_exists = email_exists( $args[ $key ] ); + $email_exists = email_exists( $args[ $key ] ); if ( $args[ $key ] == '' && in_array( $key, array( 'user_email' ) ) ) { UM()->form()->add_error( $key, __( 'You must provide your email', 'ultimate-member' ) );