Diffstat (limited to 'wp-login.php')
-rw-r--r--wp-login.php31
1 files changed, 19 insertions, 12 deletions
diff --git a/wp-login.php b/wp-login.php
index 9eeac4a..16faccb 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -33,14 +33,18 @@ if ( force_ssl_admin() && ! is_ssl() ) {
* upon successful login.
* @global string $action The action that brought the visitor to the login page.
*
- * @param string $title Optional. WordPress login Page title to display in the `<title>` element.
- * Default 'Log In'.
- * @param string $message Optional. Message to display in header. Default empty.
- * @param WP_Error $wp_error Optional. The error to pass. Default is a WP_Error instance.
+ * @param string|null $title Optional. WordPress login page title to display in the `<title>` element.
+ * Defaults to 'Log In'.
+ * @param string $message Optional. Message to display in header. Default empty.
+ * @param WP_Error|null $wp_error Optional. The error to pass. Defaults to a WP_Error instance.
*/
-function login_header( $title = 'Log In', $message = '', $wp_error = null ) {
+function login_header( $title = null, $message = '', $wp_error = null ) {
global $error, $interim_login, $action;
+ if ( null === $title ) {
+ $title = __( 'Log In' );
+ }
+
// Don't index any of these forms.
add_filter( 'wp_robots', 'wp_robots_sensitive_page' );
add_action( 'login_head', 'wp_strict_cross_origin_referrer' );
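Review bot: The updated docblock for `$title` still reads "Defaults to 'Log In'", although the signature default is now `null` and the displayed string comes from `__( 'Log In' )` in the body. I would word that line as `Optional. WordPress login page title to display in the <title> element. Default null, which resolves to the translated 'Log In'.` An explicitly passed empty string is not replaced, because the check is `null === $title`; if that is intended, it is worth saying in the same docblock line. The body of `login_header()` continues past the end of the hunk.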
@@ -753,7 +757,7 @@ switch ( $action ) {
break;
case 'postpass':
- if ( ! array_key_exists( 'post_password', $_POST ) ) {
+ if ( ! isset( $_POST['post_password'] ) || ! is_string( $_POST['post_password'] ) ) {
wp_safe_redirect( wp_get_referer() );
exit;
}
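Review bot: The new `is_string()` condition in the `postpass` branch has no comment saying what it guards against, and the reason is not obvious from the line itself. PHP turns a request field submitted as `post_password[]` into an array, which the old `array_key_exists()` check accepted. A one-line comment above the `if` would keep a later cleanup from reverting it, for example `// Bail on a missing or non-string (e.g. array) password so later string handling never receives an array.` The code that consumes the password is outside the hunk, so the exact failure the guard avoids cannot be confirmed from here.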
@@ -792,7 +796,7 @@ switch ( $action ) {
wp_logout();
- if ( ! empty( $_REQUEST['redirect_to'] ) ) {
+ if ( ! empty( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) {
$redirect_to = $_REQUEST['redirect_to'];
$requested_redirect_to = $redirect_to;
} else {
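Review bot: `is_string( $_REQUEST['redirect_to'] )` in the logout branch only constrains the type; the value is still request-controlled when it is copied into `$redirect_to`, and nothing in the hunk shows where the destination is validated. Presumably that happens further down through a safe-redirect call, but since it is outside the hunk a short comment such as `// Type check only; the destination is validated before redirecting.` would make that split explicit. The same `isset( … ) && is_string( … )` pair is repeated in the hunks at old lines 1296, 1328 and 1438. Reading the parameter once into a normalized local would keep those four checks from drifting apart.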
@@ -1296,7 +1300,7 @@ switch ( $action ) {
}
}
- if ( isset( $_REQUEST['redirect_to'] ) ) {
+ if ( isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) {
$redirect_to = $_REQUEST['redirect_to'];
// Redirect to HTTPS if user wants SSL.
if ( $secure_cookie && str_contains( $redirect_to, 'wp-admin' ) ) {
@@ -1317,7 +1321,7 @@ switch ( $action ) {
sprintf(
/* translators: 1: Browser cookie documentation URL, 2: Support forums URL. */
__( '<strong>Error:</strong> Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
- __( 'https://wordpress.org/documentation/article/cookies/' ),
+ __( 'https://developer.wordpress.org/advanced-administration/wordpress/cookies/' ),
__( 'https://wordpress.org/support/forums/' )
)
);
@@ -1328,13 +1332,14 @@ switch ( $action ) {
sprintf(
/* translators: %s: Browser cookie documentation URL. */
__( '<strong>Error:</strong> Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
- __( 'https://wordpress.org/documentation/article/cookies/#enable-cookies-in-your-browser' )
+ __( 'https://developer.wordpress.org/advanced-administration/wordpress/cookies/#enable-cookies-in-your-browser' )
)
);
}
}
- $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
+ $requested_redirect_to = isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
+
/**
* Filters the login redirect URL.
*
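Review bot: The assignment to `$requested_redirect_to` relies on `&&` binding tighter than `?:`, which is correct but easy to misread in a line this long. Parenthesising the condition makes the intent explicit: `$requested_redirect_to = ( isset( $_REQUEST['redirect_to'] ) && is_string( $_REQUEST['redirect_to'] ) ) ? $_REQUEST['redirect_to'] : '';`. Behaviour is unchanged by this.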
@@ -1438,7 +1443,9 @@ switch ( $action ) {
$errors->add( 'updated', __( '<strong>You have successfully updated WordPress!</strong> Please log back in to see what&#8217;s new.' ), 'message' );
} elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) {
$errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' );
- } elseif ( isset( $_GET['redirect_to'] ) && str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php' ) ) {
+ } elseif ( isset( $_GET['redirect_to'] ) && is_string( $_GET['redirect_to'] )
+ && str_contains( $_GET['redirect_to'], 'wp-admin/authorize-application.php' )
+ ) {
$query_component = wp_parse_url( $_GET['redirect_to'], PHP_URL_QUERY );
$query = array();
if ( $query_component ) {