[wp-trac] [WordPress Trac] #17904: Multisite has more restrictions on user login character set

WordPress Trac noreply at wordpress.org
Tue Sep 10 22:34:14 UTC 2013 

#17904: Multisite has more restrictions on user login character set
------------------------------------+------------------
 Reporter:  duck_                   |       Owner:
     Type:  defect (bug)            |      Status:  new
 Priority:  normal                  |   Milestone:  3.7
Component:  Multisite               |     Version:  3.0
 Severity:  normal                  |  Resolution:
 Keywords:  dev-feedback has-patch  |
------------------------------------+------------------
Changes (by jeremyfelt):

 * keywords:  needs-patch dev-feedback => dev-feedback has-patch


Comment:

 [attachment:17904.2.diff] introduces `wp_validate_user_login()` in an
 attempt to consolidate the user login restrictions between single site and
 multisite installations.

 New `wp_validate_user_login()` requirements:
 * minimum of 4 characters
 * only contains (case-insensitive) characters: `a-z 0-9 _ . - @`
 * no whitespace
 * not on blacklist of illegal names
 * contains at least one letter
 * must be unique
 * not pending signup

 The original criteria for `wpmu_validate_user_signup()` was a character
 set of `a-z` and `0-9`. This has been loosened to match the criteria in
 `edit_site()`.

 `register_new_user()`, `edit_site()`, and `wpmu_validate_user_signup()`
 have all been modified to use the new `wp_validate_user_login()` function
 rather relying on their individual (and different) logic.

 I've pieced together the original error strings from `edit_user()` and
 `wpmu_validate_user_signup()`, though I'm a bit confused on the naming
 convention between `user_name` and `user_login` and some others. It may be
 worth revisiting the messaging here?

 It's entirely possible that we can deprecate `validate_username()` as it
 is no longer used anywhere in core as of this patch and does not exactly
 perform the described function. We may want to replace with an option to
 return `bool` from `wp_validate_user_login()` instead or ...

 No changes in single site or multisite tests at the moment, though it
 looks like not much is actually tested around this.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/17904#comment:20>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list