Should I sanitize when using wp_signon() in WordPress?

admin

Administrator
Staff member
I'm using
Code:
wp_signon()
to authenticate a user:

Code:
$data = array();
$data['user_login'] = $_POST['username'];
$data['user_password'] = $_POST['password'];
$data['rememberme'] = false;

$user_login = wp_signon( $data, true );

As you can see, I've done nothing to sanitize the user's login and password. I was thinking of doing something like
Code:
sanitize_user( $_POST['username'] )
and then maybe something similar with the password but am unsure if this is necessary.

Should I sanitize
Code:
$_POST['username']
and
Code:
$_POST['password']
? If so, I'd be grateful if you could explain why it is necessary in this use-case.

Ref: <a href="http://codex.wordpress.org/Function_Reference/wp_signon" rel="nofollow">http://codex.wordpress.org/Function_Reference/wp_signon</a>