[wp-trac] [WordPress Trac] #62794: Fatal error from wp-login.php if password is an array
WordPress Trac
noreply at wordpress.org
Thu Jan 9 19:32:47 UTC 2025
#62794: Fatal error from wp-login.php if password is an array
------------------------------------+-----------------------------
Reporter: leedxw | Owner: SergeyBiryukov
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 6.8
Component: Login and Registration | Version: 6.7.1
Severity: normal | Resolution:
Keywords: | Focuses:
------------------------------------+-----------------------------
Comment (by SergeyBiryukov):
Replying to [comment:3 audrasjb]:
> This is a good point and a good workaround, however the `is_string`
conditional will fail if the value provided is an integer, for example.
That's good to note, however values passed via `$_POST` can only ever be a
string or an array, per the
[https://www.php.net/manual/en/language.variables.external.php#language.variables
.determining-type-of PHP manual]:
> HTTP being a text protocol, most, if not all, content that comes in
Superglobal arrays, like `$_POST` and `$_GET` will remain as strings. PHP
will not try to convert values to a specific type.
So I think this is ready to go, I would just add a similar check for
`$_POST['log']` for consistency.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62794#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list