[wp-trac] [WordPress Trac] #17904: Multisite has more restrictions on user login character set

WordPress Trac noreply at wordpress.org
Mon Sep 9 23:47:31 UTC 2013


#17904: Multisite has more restrictions on user login character set
--------------------------------------+------------------
 Reporter:  duck_                     |       Owner:
     Type:  defect (bug)              |      Status:  new
 Priority:  normal                    |   Milestone:  3.7
Component:  Multisite                 |     Version:  3.0
 Severity:  normal                    |  Resolution:
 Keywords:  needs-patch dev-feedback  |
--------------------------------------+------------------

Comment (by jeremyfelt):

 Ran into this today and compared what rules single site and multisite
 enforced. I'm wondering if there's a way we can abstract the username
 logic into a common function and plug it into both `edit_user()` and
 `wpmu_validate_user_signup()`. It's entirely possible to filter the final
 results with `wpmu_validate_user_signup`, but that seems ugly.

 **Single Site `edit_user()`**

 When adding a user in single site through `wp-admin/user-new.php`,
 `edit_user()` is used and does the following:
 1. Process with `sanitize_user()`, but do not compare to original POST
 data
 1. Check `if ( $user_login == '' )`
 1. Check `validate_username()`
 1. Check `username_exists()`

 **Multisite `wpmu_validate_user_signup()`**

 When adding a user in multisite through `wp-admin/user-new.php` or
 `wp-admin/network/user-new.php`, `wpmu_validate_user_signup()` is used and
 does the following:
 1. Process with `preg_replace( '/\s+/', '', sanitize_user( $user_name,
 true ) )` and compare the result to original POST data
 1. Accept only a-z, 0-9 with `preg_match( '/[^a-z0-9]/', $user_name )`
 1. Check `if empty()`
 1. Check `if in_array( $username, $illegal_names )` to filter out www,
 web, root, etc...
 1. Check `if ( strlen( $user_name ) < 4 )`
 1. Check `if ( strpos( ' ' . $user_name, '_' ) != false )`
 1. Check `if ( preg_match( '/^[0-9]*$/', $user_name ) )`
 1. Check `username_exists()`
 1. Check DB tables for any matching, pending signups

--
Ticket URL: <http://core.trac.wordpress.org/ticket/17904#comment:19>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
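
The two check sequences listed in the comment above, run side by side over a few constructed logins. This is an added example, not part of the Trac comment and not WordPress core code: the `demo_*` functions are hypothetical, simplified stand-ins for `sanitize_user()`, `validate_username()`, `edit_user()` and `wpmu_validate_user_signup()`, and the database lookups are left out.

```php
<?php
// Added example: simplified stand-ins for the checks listed above, not WordPress core code.

// Stand-in for sanitize_user(): strict mode keeps only ASCII letters, digits,
// space, and _ . - @ ; the result is trimmed and runs of whitespace collapsed.
function demo_sanitize_user( $name, $strict = false ) {
    $name = strip_tags( $name );
    if ( $strict ) {
        $name = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $name );
    }
    return preg_replace( '|\s+|', ' ', trim( $name ) );
}

// Single-site steps (the username_exists() lookup is omitted).
function demo_single_site_errors( $posted ) {
    $errors = array();
    if ( demo_sanitize_user( $posted, true ) == '' ) {
        $errors[] = 'empty';
    }
    // Stand-in for validate_username(): strict sanitizing must not change the name.
    if ( demo_sanitize_user( $posted, true ) !== $posted ) {
        $errors[] = 'invalid';
    }
    return $errors;
}

// Multisite steps (username_exists() and pending-signup lookups are omitted).
function demo_multisite_errors( $posted ) {
    $errors = array();
    $name   = preg_replace( '/\s+/', '', demo_sanitize_user( $posted, true ) );
    if ( $name !== $posted || preg_match( '/[^a-z0-9]/', $name ) ) $errors[] = 'charset';
    if ( empty( $name ) ) $errors[] = 'empty';
    // Constructed subset of $illegal_names; the comment lists "www, web, root, etc".
    if ( in_array( $name, array( 'www', 'web', 'root' ), true ) ) $errors[] = 'illegal_name';
    if ( strlen( $name ) < 4 ) $errors[] = 'too_short';
    if ( strpos( ' ' . $name, '_' ) != false ) $errors[] = 'underscore';
    if ( preg_match( '/^[0-9]*$/', $name ) ) $errors[] = 'all_digits';
    return $errors;
}

// Constructed sample logins.
$samples = array( 'alice1', 'john.doe', 'John', 'j-d@example.com', 'john_doe', 'abc', '12345', 'root' );
foreach ( $samples as $login ) {
    printf(
        "%-16s single: %-8s multisite: %s\n",
        $login,
        implode( ',', demo_single_site_errors( $login ) ) ?: 'ok',
        implode( ',', demo_multisite_errors( $login ) ) ?: 'ok'
    );
}
```

Logins that pass one path and fail the other are the ones that end up valid on single site but rejected on a network install, which is the gap a shared validation function would close.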