[buddypress-trac] [BuddyPress] #2310: There is a serious bug in buddypress 1.2.3 signup validation for username

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Tue Jun 1 13:09:38 UTC 2010


#2310: There is a serious bug in buddypress 1.2.3 signup validation for username
-------------------------------------+--------------------------------------
 Reporter:  faisalzulfiqar           |        Owner:          
     Type:  defect                   |       Status:  reopened
 Priority:  critical                 |    Milestone:  1.2.5   
Component:  Core                     |   Resolution:          
 Keywords:  has-patch needs-testing  |  
-------------------------------------+--------------------------------------

Comment(by aesqe):

 that patch works fine, but can i suggest something else?
 {{{
 // names already in db
 $db_illegal_names = get_site_option('illegal_names');

 // core values that mustn't be allowed to be registered as usernames:
 $core_illegal_names = array( 'www', 'web', 'root', 'admin', 'main',
 'invite', 'administrator', BP_GROUPS_SLUG, BP_MEMBERS_SLUG,
 BP_FORUMS_SLUG, BP_BLOGS_SLUG, BP_REGISTER_SLUG, BP_ACTIVATION_SLUG );

 // so why supply users with $core_illegal_usernames via filter?
 // aren't those names already saved to db when buddypress is activated?
 // if they need to know those values, they can do
 // get_site_option('illegal_names'), right?
 // i think that this filter should be used just for adding names, so let's
 // just give users an empty array:
 $filtered_illegal_names = apply_filters("bp_core_illegal_usernames",
 array());

 //and then merge all three:
 $illegal_names = array_merge( (array)$db_illegal_names,
 (array)$filtered_illegal_names, (array)$core_illegal_names );
 $illegal_names = array_unique( $illegal_names );
 }}}

 i hope i'm not missing something :)

-- 
Ticket URL: <http://trac.buddypress.org/ticket/2310#comment:9>
BuddyPress <http://buddypress.org/>
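
Added example (not part of the original message and not BuddyPress code): a standalone PHP script showing why handing the filter an empty array and merging afterwards keeps the reserved names in place even when a filter callback returns a fresh list. Assumptions: `add_filter`, `apply_filters` and `get_site_option` are simplified stand-ins so the script runs outside WordPress, the stored option value and the plugin callback are constructed, the `BP_*_SLUG` constants are left out, and "variant A" is an assumed form of passing the core names through the filter, not the ticket's actual patch.

```php
<?php
// Simplified stand-ins for the WordPress functions (assumption: one priority,
// one stored option), so the script runs without WordPress loaded.
$GLOBALS['filters'] = array();
$GLOBALS['options'] = array( 'illegal_names' => array( 'www', 'web', 'root' ) ); // constructed value

function add_filter( $tag, $callback ) { $GLOBALS['filters'][ $tag ][] = $callback; }
function apply_filters( $tag, $value ) {
    $callbacks = isset( $GLOBALS['filters'][ $tag ] ) ? $GLOBALS['filters'][ $tag ] : array();
    foreach ( $callbacks as $callback ) {
        $value = call_user_func( $callback, $value );
    }
    return $value;
}
function get_site_option( $name ) {
    return isset( $GLOBALS['options'][ $name ] ) ? $GLOBALS['options'][ $name ] : false;
}

// Hypothetical plugin callback that replaces the list instead of appending to it.
add_filter( 'bp_core_illegal_usernames', function ( $names ) {
    return array( 'support' );
} );

$core_illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' );

// Variant A (assumed): the core names themselves are passed through the filter.
function illegal_names_filtered_core( $core ) {
    return array_unique( (array) apply_filters( 'bp_core_illegal_usernames', $core ) );
}

// Variant B (the suggestion above): the filter gets an empty array, then all three lists are merged.
function illegal_names_merged( $core ) {
    $db       = get_site_option( 'illegal_names' );
    $filtered = apply_filters( 'bp_core_illegal_usernames', array() );
    return array_unique( array_merge( (array) $db, (array) $filtered, (array) $core ) );
}

// Report, per variant, whether a core name and the plugin-added name are blocked.
foreach ( array( 'illegal_names_filtered_core', 'illegal_names_merged' ) as $fn ) {
    $list = $fn( $core_illegal_names );
    printf( "%-28s admin blocked: %s, support blocked: %s\n", $fn,
        in_array( 'admin', $list, true ) ? 'yes' : 'no',
        in_array( 'support', $list, true ) ? 'yes' : 'no' );
}
```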