[wp-trac] [WordPress Trac] #17904: Multisite has more restrictions on user login character set
WordPress Trac
noreply at wordpress.org
Mon Sep 9 23:47:31 UTC 2013
#17904: Multisite has more restrictions on user login character set
--------------------------------------+------------------
Reporter: duck_ | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.7
Component: Multisite | Version: 3.0
Severity: normal | Resolution:
Keywords: needs-patch dev-feedback |
--------------------------------------+------------------
Comment (by jeremyfelt):
Ran into this today and compared what rules single site and multisite
enforced. I'm wondering if there's a way we can abstract the username
logic into a common function and plug it into both `edit_user()` and
`wpmu_validate_user_signup()`. It's entirely possible to filter the final
results with `wpmu_validate_user_signup`, but that seems ugly.
**Single Site `edit_user()`**
When adding a user in single site through `wp-admin/user-new.php`,
`edit_user()` is used and does the following:
1. Process with `sanitize_user()`, but do not compare to original POST
data
1. Check `if ( $user_login == '' )`
1. Check `validate_username()`
1. Check `username_exists()`
**Multisite `wpmu_validate_user_signup()`**
When adding a user in multisite through `wp-admin/user-new.php` or `wp-
admin/network/user-new.php`, `wpmu_validate_user_signup()` is used and
does the following:
1. Process with `preg_replace( '/\s+/', '', sanitize_user( $user_name,
true ) )` and compare the result to original POST data
1. Accept only a-z, 0-9 with `preg_match( '/[^a-z0-9]/', $user_name )`
1. Check `if empty()`
1. Check `if in_array( $username, $illegal_names )` to filter out www,
web, root, etc...
1. Check `if strlen( $user_name ) < 4 )`
1. Check `if strpos( ' '. $user_name, '_' ) != false )
1. Check `if ( preg_match( '/^[0-9]*$/', $user_name ) )`
1. Check `username_exists()`
1. Check DB tables for any matching, pending signups
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17904#comment:19>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list