I'm using wp_signon() to authenticate a user:
Code:
$data = array();
$data['user_login'] = $_POST['username'];
$data['user_password'] = $_POST['password'];
$data['rememberme'] = false;
$user_login = wp_signon( $data, true );
As you can see, I've done nothing to sanitize the user's login and password. I was thinking of doing something like sanitize_user( $_POST['username'] ) and then maybe something similar with the password but am unsure if this is necessary.
Should I sanitize $_POST['username'] and $_POST['password']? If so, I'd be grateful if you could explain why it is necessary in this use-case.
Ref: <a href="http://codex.wordpress.org/Function_Reference/wp_signon" rel="nofollow">http://codex.wordpress.org/Function_Reference/wp_signon</a>