[wp-trac] Re: [WordPress Trac] #2968: WP lets two different users register with same user name

WordPress Trac wp-trac at lists.automattic.com
Sat Jul 22 20:12:47 GMT 2006

#2968: WP lets two different users register with same user name
 Reporter:  RuddO           |        Owner:  anonymous
     Type:  defect          |       Status:  new      
 Priority:  high            |    Milestone:           
Component:  Administration  |      Version:  2.0.3    
 Severity:  critical        |   Resolution:           
 Keywords:                  |  
Comment (by RuddO):


 When trying to do this myself:

 ERROR: This username is already registered, please choose another one.

 Which is fine.  I'm now investigating the database.

 (investigating... |/-\|/-\|/-\|/-\|/-\)

 Now I found the cause.

 "Rudd-O" is my user
 " Rudd-O" is the newly registrated user

 As you can see, although this doesn't represent a security violation per
 se, it's VERY EASY for users to use this kind of issue (I'm not calling it
 a bug yet, but I might be willing to, hehe) to produce social engineering
 attacks and the like.

 Why isn't WP doing a trim() on the user name upon registration/login?

 Please help me guys.  I'll even vow to help you if you give me some
 pointers, the ponit being that I don't want to blindly modify one file and
 discover that the modifications I make cascade into several bugs later on.

 More info:

 wp-register.php: line 15/162 (9%), col 23/61 (37%), char 349/5741 (6%)

         $user_login = sanitize_user( $_POST['user_login'] );
         $user_email = $_POST['user_email'];

 I guess sanitize user isn't sanitizing the user properly?  Plus, I
 wouldn't just blindly trust whatever the user types in user_email,
 primarily because say a single space before or after could probably throw
 wrenches in the later machinery.  I don't say "we should validate e-mails
 according to RFC XXX and YYY", but at least a trim and a removal of high
 bit characters wouldn't hurt, would it?

Ticket URL: <http://trac.wordpress.org/ticket/2968>
WordPress Trac <http://wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list