[wp-trac] [WordPress Trac] #2729: Regular expression bug in sanitize_user
WordPress Trac
wp-trac at lists.automattic.com
Wed May 17 13:03:47 GMT 2006
#2729: Regular expression bug in sanitize_user
-----------------------+----------------------------------------------------
Id: 2729 | Status: new
Component: General | Modified: Wed May 17 13:03:47 2006
Severity: normal | Milestone:
Priority: normal | Version: 2.0.2
Owner: anonymous | Reporter: grigs
-----------------------+----------------------------------------------------
I think I may have found a bug in the sanitize_user function in
functions-formatting.php. Currently, lines 275 - 277 read:

    // If strict, reduce to ASCII for max portability.
    if ( $strict )
        $username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);

It appears that what this is trying to do is allow hyphens (along
with many other characters). However, the regex does not match the
hyphens. I believe the regex needs a backslash like this:

    $username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);

I checked on the hackers mailing list and received confirmation that this
appears to be a bug before submitting it here.

NOTE: The wiki formatting is stripping some of the information from the
regular expressions above. I looked at the formatting guide, and didn't
see a good way to escape it correctly. The gist of the ticket is that a
backslash needs to be put before the hyphen. Please check the original
source code to get a clean version of the regex.
--
Ticket URL: <http://trac.wordpress.org/ticket/2729>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
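
Added example, not part of the original ticket or of WordPress's code: inside a character class an unescaped hyphen between "." and "@" forms a range from 0x2E to 0x40, so the PHP below lists which printable ASCII characters each of the two patterns quoted in the ticket leaves in a username. The function name surviving_chars and the sample usernames are constructed for illustration.

```php
<?php
// The two strict-mode patterns quoted in the ticket.
const BUGGY = '|[^a-z0-9 _.-@]|i';   // ".-@" is parsed as a range, 0x2E..0x40
const FIXED = '|[^a-z0-9 _.\-@]|i';  // "\-" is a literal hyphen

/**
 * Return the printable ASCII characters that a strip-pattern leaves in place.
 * (Hypothetical helper, written for this illustration.)
 */
function surviving_chars(string $pattern): array
{
    $kept = [];
    for ($code = 0x20; $code <= 0x7E; $code++) {
        $ch = chr($code);
        // preg_replace deletes whatever the negated class matches, so a
        // character survives when the output still equals the input.
        if (preg_replace($pattern, '', $ch) === $ch) {
            $kept[] = $ch;
        }
    }
    return $kept;
}

$buggy = surviving_chars(BUGGY);
$fixed = surviving_chars(FIXED);

// Difference in each direction: what the unintended range admits, and
// what it fails to admit.
echo "kept only by the buggy pattern: ",
    implode(' ', array_diff($buggy, $fixed)), "\n";
echo "kept only by the fixed pattern: ",
    implode(' ', array_diff($fixed, $buggy)), "\n";

// Constructed sample usernames, run through both patterns.
foreach (['mary-jane', 'anna/b?c=d'] as $name) {
    printf(
        "%-12s buggy=%-12s fixed=%s\n",
        $name,
        preg_replace(BUGGY, '', $name),
        preg_replace(FIXED, '', $name)
    );
}
```

Placing the hyphen first or last in the class, instead of escaping it, also makes it a literal.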