if ( ! is_array( $_POST['user'] ) )
wp_die( __( 'Cannot create an empty user.' ) );
- $user = $_POST['user'];
+ $user = wp_unslash( $_POST['user'] );
$user_details = wpmu_validate_user_signup( $user['username'], $user['email'] );
if ( is_wp_error( $user_details[ 'errors' ] ) && ! empty( $user_details[ 'errors' ]->errors ) ) {
$add_user_errors = $user_details[ 'errors' ];
} else {
$password = wp_generate_password( 12, false);
- $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) );
+ $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, sanitize_email( $user['email'] ) );
if ( ! $user_id ) {
$add_user_errors = new WP_Error( 'add_user_fail', __( 'Cannot add user.' ) );