[wp-hackers] Loosening username restrictions in plugin?

Alan J Castonguay alan at verselogic.net
Thu Oct 26 04:57:20 GMT 2006

I'm working on a plugin (wpopenid) that does user registration. I  
want to permit urls in the username slug (or most of a url, this is a  
vanity issue).

In wp_insert_user(), sanitize_user( $username, true ) is called,  
which strips all sorts of interesting characters from the name, under  
the claim "If strict, reduce to ASCII for max portability". Is there  
a compulsive reason to avoid relaxing this restriction to  
sanitize_user( $username, false )?

If not, I'm planning on making a recursive call to sanitize_user() ala:

sanitize_user() calls
 > return apply_filters('sanitize_user', $username, $raw_username,  

add_filter('sanitize_user', 'destrict_username', 2, 3);
function destruct_username( $username, $raw_username, $strict ) {
	if( $strict && $some_flag_in_my_plugin ) return sanitize_user 
( $raw_username, false )
	return $username;

Does anyone see a problem with this train of thought?

Alan J Castonguay

More information about the wp-hackers mailing list