[wp-trac] Re: [WordPress Trac] #2968: WP lets two different users register with same user name
WordPress Trac
wp-trac at lists.automattic.com
Sat Jul 22 20:12:47 GMT 2006
#2968: WP lets two different users register with same user name
----------------------------+-----------------------------------------------
Reporter: RuddO | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone:
Component: Administration | Version: 2.0.3
Severity: critical | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Comment (by RuddO):
Followup:
When trying to do this myself:
ERROR: This username is already registered, please choose another one.
Which is fine. I'm now investigating the database.
(investigating... |/-\|/-\|/-\|/-\|/-\)
Now I found the cause.
"Rudd-O" is my user
" Rudd-O" is the newly registered user
As you can see, although this doesn't represent a security violation per
se, it's VERY EASY for users to use this kind of issue (I'm not calling it
a bug yet, but I might be willing to, hehe) to produce social engineering
attacks and the like.
Why isn't WP doing a trim() on the user name upon registration/login?
Please help me guys. I'll even vow to help you if you give me some
pointers, the point being that I don't want to blindly modify one file and
discover that the modifications I make cascade into several bugs later on.
More info:
wp-register.php: line 15/162 (9%), col 23/61 (37%), char 349/5741 (6%)
$user_login = sanitize_user( $_POST['user_login'] );
$user_email = $_POST['user_email'];
I guess sanitize_user isn't sanitizing the user properly? Plus, I
wouldn't just blindly trust whatever the user types in user_email,
primarily because say a single space before or after could probably throw
wrenches in the later machinery. I don't say "we should validate e-mails
according to RFC XXX and YYY", but at least a trim and a removal of high
bit characters wouldn't hurt, would it?
--
Ticket URL: <http://trac.wordpress.org/ticket/2968>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
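The collision described in the comment above, as an added example that is not part of the ticket and not WordPress's own code: a minimal model of a registration check that compares the raw submitted login byte-for-byte (so " Rudd-O" with a leading space is accepted as a new account next to "Rudd-O"), beside a hardened check that normalises the login before comparing. The $users array stands in for the user_login column, and register_vulnerable, register_hardened, normalize_login and login_key are hypothetical names chosen for this example; the hardened variant goes a step beyond the trim() the comment asks for by also collapsing internal whitespace, dropping control bytes and comparing case-insensitively. The sample accounts and attempted logins are constructed. mbstring is assumed to be available for mb_strtolower.

```php
<?php
// Added example, not WordPress code: models the registration collision
// discussed in ticket #2968. $users stands in for the user_login column;
// the function names are hypothetical. Requires the mbstring extension.
declare(strict_types=1);

/**
 * Vulnerable variant: the raw submitted login is compared byte-for-byte
 * against existing logins, so " Rudd-O" (leading space) counts as new even
 * though it renders identically to the existing "Rudd-O".
 */
function register_vulnerable(array &$users, string $submitted): string
{
    if (in_array($submitted, $users, true)) {
        return 'ERROR: This username is already registered, please choose another one.';
    }
    $users[] = $submitted;
    return 'registered as [' . $submitted . ']';
}

/**
 * Normalise a login before storing or comparing it: drop ASCII control
 * bytes, collapse runs of whitespace (including common Unicode space
 * characters such as U+00A0) to a single ASCII space, then trim both ends.
 * Returns '' for invalid UTF-8 so the caller rejects the input.
 */
function normalize_login(string $login): string
{
    $noControl = preg_replace('/[\x00-\x1F\x7F]/', '', $login);
    if ($noControl === null) {
        return '';
    }
    $ws = '/[\s\x{00A0}\x{1680}\x{2000}-\x{200A}\x{202F}\x{205F}\x{3000}]+/u';
    $collapsed = preg_replace($ws, ' ', $noControl);
    if ($collapsed === null) {      // preg_replace returns null on malformed UTF-8
        return '';
    }
    return trim($collapsed);
}

/** Comparison key: normalised and case-folded, so "rudd-o" also collides. */
function login_key(string $login): string
{
    return mb_strtolower(normalize_login($login), 'UTF-8');
}

/**
 * Hardened variant: normalise first, reject an empty result, and compare
 * by key so whitespace and case variants of an existing login cannot be
 * registered as a second, look-alike account.
 */
function register_hardened(array &$users, string $submitted): string
{
    $login = normalize_login($submitted);
    if ($login === '') {
        return 'ERROR: Invalid username.';
    }
    $key = login_key($login);
    foreach ($users as $existing) {
        if (login_key($existing) === $key) {
            return 'ERROR: This username is already registered, please choose another one.';
        }
    }
    $users[] = $login;
    return 'registered as [' . $login . ']';
}

// Constructed sample data: accounts that already exist, and the logins an
// attacker might submit to get a look-alike of "Rudd-O".
$seed = ['Rudd-O', 'admin'];
$attempts = [" Rudd-O", "Rudd-O\t", "rudd-o", "Rudd-O\xC2\xA0", "Ruddo"];

echo "vulnerable check:\n";
$users = $seed;
foreach ($attempts as $attempt) {
    printf("  %-14s -> %s\n", json_encode($attempt), register_vulnerable($users, $attempt));
}

echo "hardened check:\n";
$users = $seed;
foreach ($attempts as $attempt) {
    printf("  %-14s -> %s\n", json_encode($attempt), register_hardened($users, $attempt));
}
```

Run with `php example.php`: the vulnerable loop registers every variant, while the hardened loop rejects all but "Ruddo", which is a genuinely different login. The same trim() belongs on user_email before it is stored, as the comment suggests, so that a stray leading or trailing space cannot produce a second, visually identical address later on.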