[buddypress-trac] [BuddyPress Trac] #6259: user_name / username checks in bp_core_validate_user_signup

Fri Feb 27 01:48:14 UTC 2015

#6259: user_name / username checks in bp_core_validate_user_signup
---------------------------------+----------------------------------
 Reporter:  anthony.bartoli      |       Owner:
     Type:  idea                 |      Status:  new
 Priority:  normal               |   Milestone:  Under Consideration
Component:  Component - Members  |     Version:  2.2.1
 Severity:  normal               |  Resolution:
 Keywords:                       |
---------------------------------+----------------------------------
Changes (by boonebgorges):

 * keywords:  dev-feedback =>
 * milestone:  Awaiting Review => Under Consideration

Comment:

 Thanks for the ticket, anthony.bartoli. A couple of thoughts:

 >  Because WP_Error only allows you to remove *all* errors
 (WP_Error->remove()) for a given code, using the same code ("user_name")
 for these checks is especially problematic if I wanted to get rid of one
 condition(s) while keeping other(s).

 I'd never realized this before about `WP_Error`, but you are quite right.
 The funny part is that when we display the errors, we only display the
 first one (`[0]`) https://buddypress.trac.wordpress.org/browser/trunk/src
 /bp-members/bp-members-screens.php#L112. Giving them different error
 handles seems like a good idea, but it's likely to cause some backward
 compatibility headaches. I have definitely written plugins that reach into
 this error object and unset various things, and if they were no longer
 grouped under 'user_name', those mods would break. It may still be worth
 doing (since it's fairly broken at the moment), but it's something to
 consider.

 As for the requirements themselves: Most of them come from the days of
 WPMU (BP used to require it). MU had (and MS still has) fairly restrictive
 requirements on `user_login`. See extended discussion at #5185 and
 https://core.trac.wordpress.org/ticket/17904. I would be open to
 considering tearing these checks out altogether.

 > If these checks were to be removed, is there an automated suite of tests
 that could be ran to ensure that other BP functions would not break?

 We have a suite of automated tests for BuddyPress. See
 https://buddypress.trac.wordpress.org/browser/trunk/tests/phpunit/testcases.
 It's likely that we don't have sufficient coverage to guarantee that
 nothing would break if we allowed for various kinds of usernames. We'd
 need, for example, to make sure that our URL parsing logic works correctly
 for usernames that are made up only of numbers.

 If you'd like to have a shot at researching and implementing a suggested
 solution, I'd be happy to work through it with you.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6259#comment:1>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac