Add slashes to wp_authenticate() arguments.

[johanee]

wp_authenticate() expect arguments to have "slashed" data[1] (" encoded as \"), but WP REST parameters are unslashed[2].

Use wp_slash() on username and password before calling wp_authenticate().

[1] See wp_signon() usage in trac where slashed $_POST data is used directly. [2] https://make.wordpress.org/core/2016/04/06/rest-api-slashed-data-in-wordpress-4-4-and-4-5/

[avocade]

Huge +1 on this, feels weird that it doesn't support any type of password content.

[alexb112]

Great to get it to get special characters support in passwords