[wp-trac] [WordPress Trac] #15198: Inconsistencies in sanitize_user and sanitize_key

WordPress Trac wp-trac at lists.automattic.com
Sun Oct 24 00:02:33 UTC 2010


#15198: Inconsistencies in sanitize_user and sanitize_key
--------------------------+-------------------------------------------------
 Reporter:  duck_         |       Owner:                       
     Type:  defect (bug)  |      Status:  new                  
 Priority:  normal        |   Milestone:  Awaiting Review      
Component:  Formatting    |     Version:  3.0                  
 Severity:  normal        |    Keywords:  has-patch 2nd-opinion
--------------------------+-------------------------------------------------
 It seems to me that `sanitize_user` can perform inconsistently by
 returning a different string compared to the input when passed a
 previously sanitized string. This occurs when the first round returns a
 string ending in a space, then in the second round when
 `wp_strip_all_tags` trims the string it changes the previously sanitized
 input. The only workaround I could think of for now was to always trim the
 output of `sanitize_user`.

 Also, `sanitize_key` does not behave as described by the docs (I guess the
 docs could be wrong instead of the code then, but I'm not sure). That is
 "They should be lowercase ASCII. Dashes and underscores are allowed."
 seems to be incorrect. The regex allows ., space, @ and has the ignore
 case modifier.

 '''Example:'''
 {{{
 $test = sanitize_user( 'test ***', true );
 var_dump( $test );
 var_dump( sanitize_user( $test, true ) );

 var_dump( sanitize_key( 'UPPER   C@SE.', true ) );
 }}}

 '''Expected:''' the first two to be exactly the same and the last to
 output "uppercse"

 '''Actual:'''
 {{{
 string(5) "test "
 string(4) "test"
 string(11) "UPPER C@SE."
 }}}

 Patch attached. Though this is the kind of change that I can foresee
 potentially creating problems, i.e. looking up a string which previously
 returned a different result when passing through either function.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/15198>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
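
The ordering problem reported above (trimming before the character filter runs) can be reproduced with a small idempotence check. This is an added example, not code from the ticket, its patch or WordPress: `model_sanitize`, `model_sanitize_trimmed` and `non_idempotent_inputs` are hypothetical names, the model is a simplified stand-in for the steps the report describes, and the sample inputs are constructed.

```php
<?php
// Simplified stand-in for the order of operations the ticket describes:
// trim first, filter characters afterwards. NOT WordPress's sanitize_user().
function model_sanitize(string $s): string {
    $s = trim(strip_tags($s));                        // trimming happens before filtering
    $s = preg_replace('/[^a-z0-9 _.\-@]/i', '', $s);  // strict filter; space is allowed
    return preg_replace('/\s+/', ' ', $s);            // collapse whitespace runs
}

// Same steps with a final trim, the workaround named in the ticket.
function model_sanitize_trimmed(string $s): string {
    return trim(model_sanitize($s));
}

// Return every input for which f(f(x)) !== f(x).
function non_idempotent_inputs(callable $f, array $inputs): array {
    $bad = [];
    foreach ($inputs as $in) {
        $once  = $f($in);
        $twice = $f($once);
        if ($once !== $twice) {
            $bad[] = ['input' => $in, 'once' => $once, 'twice' => $twice];
        }
    }
    return $bad;
}

// Constructed sample inputs: filtered characters next to a leading or
// trailing space are the cases that leave whitespace at the edge.
$samples = ['test ***', '*** test', 'a  b', 'plain', "tab\t*"];

foreach (['model_sanitize', 'model_sanitize_trimmed'] as $fn) {
    $bad = non_idempotent_inputs($fn, $samples);
    printf("%s: %d non-idempotent input(s)\n", $fn, count($bad));
    foreach ($bad as $b) {
        printf("  %s -> %s -> %s\n",
            json_encode($b['input']), json_encode($b['once']), json_encode($b['twice']));
    }
}
```

A sanitizer whose output is stored and later used as a lookup key should pass this check, since a value that changes on a second pass no longer matches what was stored.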

