[wp-hackers] Regular expression bug in sanitize_user?
jason-wordpress at kavi.com
Wed May 17 00:16:39 GMT 2006
I think I may have found a bug in the sanitize_user function in
functions-formatting.php. Currently, lines 275 - 277 read:
// If strict, reduce to ASCII for max portability.
if ( $strict )
$username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);
It appears that what this is trying to do is allow hyphens (along
with many other characters). However, the regex does not match the
hyphens. I believe the reg ex needs a back slash like this:
$username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);
Per the directions on the wordpress site about submitting bugs, I
decided to ask here first before submitting this to the bug tracking
system. Am I missing something here, or is this a mistake in the regex?
More information about the wp-hackers