[wp-trac] [WordPress Trac] #15198: Inconsistencies in sanitize_user and sanitize_key
WordPress Trac
wp-trac at lists.automattic.com
Sun Oct 24 00:02:33 UTC 2010
#15198: Inconsistencies in sanitize_user and sanitize_key
--------------------------+-------------------------------------------------
Reporter: duck_ | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Formatting | Version: 3.0
Severity: normal | Keywords: has-patch 2nd-opinion
--------------------------+-------------------------------------------------
It seems to me that `sanitize_user` can perform inconsistently by
returning a different string compared to the input when passed a
previously sanitized string. This occurs when the first round returns a
string ending in a space, then in the second round when
`wp_strip_all_tags` trims the string it changes the previously sanitized
input. The only workaround I could think of for now was to always trim the
output of `sanitize_user`.
Also, `sanitize_key` does not behave as described by the docs (I guess the
docs could be wrong instead of the code then, but I'm not sure). That is
"They should be lowercase ASCII. Dashes and underscores are allowed."
seems to be incorrect. The regex allows ., space, @ and has the ignore
case modifier.
'''Example:'''
{{{
$test = sanitize_user( 'test ***', true );
var_dump( $test );
var_dump( sanitize_user( $test, true ) );
var_dump( sanitize_key( 'UPPER C@SE.', true ) );
}}}
'''Expected:''' the first two to be exactly the same and the last to
output "uppercse"
'''Actual:'''
{{{
string(5) "test "
string(4) "test"
string(11) "UPPER C@SE."
}}}
Patch attached. Though this is the kind of change that I can foresee
potentially creating problems, i.e. look up a string which previously
returned a different result when passing through either function.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15198>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
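
Added example, not part of the original message and not WordPress core code: an idempotence check for a username sanitizer, run against a simplified model of the order of operations the ticket describes (trim first, then strip characters) and against the trim-the-output workaround. The function names, the allowed character set and the sample inputs other than 'test ***' are assumptions made for illustration.

```php
<?php
// Simplified stand-in for the behaviour described in the ticket: the input is
// trimmed first (as wp_strip_all_tags does), then disallowed characters are
// stripped. model_sanitize_user is a hypothetical name, not a core function,
// and the allowed character set below is an assumption.
function model_sanitize_user(string $username): string {
    $username = trim($username);                                   // trim happens up front
    $username = preg_replace('/[^a-z0-9 _.\-@]/i', '', $username); // strict character filter
    return preg_replace('/\s+/', ' ', $username);                  // collapse whitespace runs
}

// The workaround from the ticket: always trim the output.
function model_sanitize_user_trimmed(string $username): string {
    return trim(model_sanitize_user($username));
}

// Return every input for which sanitizing twice differs from sanitizing once.
function find_non_idempotent(callable $sanitize, array $inputs): array {
    $failures = [];
    foreach ($inputs as $input) {
        $once  = $sanitize($input);
        $twice = $sanitize($once);
        if ($once !== $twice) {
            $failures[] = ['input' => $input, 'once' => $once, 'twice' => $twice];
        }
    }
    return $failures;
}

// Constructed sample inputs; the first is the one from the ticket.
$inputs = ['test ***', 'alice', ' bob ', '*** carol', 'dave <>', "eve\t!!"];

foreach (['model_sanitize_user', 'model_sanitize_user_trimmed'] as $fn) {
    $failures = find_non_idempotent($fn, $inputs);
    printf("%s: %d non-idempotent input(s)\n", $fn, count($failures));
    foreach ($failures as $f) {
        // var_export quotes the strings so trailing spaces are visible.
        printf("  %s -> %s -> %s\n",
            var_export($f['input'], true),
            var_export($f['once'], true),
            var_export($f['twice'], true));
    }
}
```

A check of this shape fits in a unit test for any sanitizer whose output is later used as a lookup key, since a value stored after one pass and looked up after two must compare equal.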