[wp-trac] [WordPress Trac] #59485: Invalid username
WordPress Trac
noreply at wordpress.org
Tue Nov 26 13:48:44 UTC 2024
#59485: Invalid username
----------------------------------------+------------------------------
Reporter: rinkalpagdar | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 6.3.1
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+------------------------------
Comment (by ankitkumarshah):
Replying to [comment:6 SergeyBiryukov]:
> Replying to [comment:5 ankitkumarshah]:
> > The `sanitize_user()` function would indeed be a more appropriate
choice than `sanitize_title()`, as it has been specifically designed for
username sanitization in WordPress.
>
> Correct, `sanitize_title()` would replace dots with hyphens in a
username, which might not be appropriate here, see #17239 / #36286 and
#17904.
>
> It is worth noting, however, that we already run `sanitize_user()` in
`wp_insert_user()` on [source:tags/6.7.1/src/wp-
includes/user.php?marks=2156#L2155 line 2156 above], so if that's not
enough, this might need a closer look. A unit test would be helpful to
demonstrate the issue.
Hi @SergeyBiryukov,
Thank you for pointing this out. You're absolutely right - I missed that
`wp_insert_user()` already implements `sanitize_user()` on line 2156. This
makes the additional sanitization redundant in this context.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59485#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list