[wp-trac] [WordPress Trac] #44347: WP allows creating username that is already used email address

WordPress Trac noreply at wordpress.org
Mon Jun 11 14:25:37 UTC 2018


#44347: WP allows creating username that is already used email address
---------------------------+------------------------------
 Reporter:  phillipburger  |       Owner:  (none)
     Type:  defect (bug)   |      Status:  new
 Priority:  normal         |   Milestone:  Awaiting Review
Component:  Users          |     Version:
 Severity:  normal         |  Resolution:
 Keywords:                 |     Focuses:
---------------------------+------------------------------

Comment (by subrataemfluence):

 Good find!!
 Adding additional guard for checking the existence of username supplied in
 email field in core functionality should resolve the issue.

 Possible solution:


 {{{
 File name: includes/user.php.
 Function: edit_user
 }}}

 Addition:

 {{{#!php
 <?php
 if ( ! $update && email_exists( $user->user_login ) ) {
    $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username
 is invalid because it is already in use as email address of another
 account.' ) );
 }
 }}}



 {{{
 File: wp-includes/user.php
 Function: register_new_user
 }}}

 Addition:

 {{{#!php
 <?php
 if ( $user_email == '' ) {
    ...
 } elseif ( ! is_email( $user_email ) ) {
    ...
 } elseif ( email_exists( $user_email ) ) {
    ...
 } elseif ( email_exists( $sanitized_user_login ) ) {
    $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This
 username is invalid because it is already in use as email address of
 another account.' ) );
 }
 }}}

 I think adding the check into the core itself will prevent additional
 filter and functions.

 Please let me know if this makes some sense.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44347#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list