[wp-trac] [WordPress Trac] #22367: Usernames with "@" char are assumed email addresses, causing incorrect look-up in several places

WordPress Trac noreply at wordpress.org
Tue Nov 6 00:45:20 UTC 2012


#22367: Usernames with "@" char are assumed email addresses, causing incorrect
look-up in several places
-----------------------------+--------------------------
 Reporter:  johnjamesjacoby  |       Type:  defect (bug)
   Status:  new              |   Priority:  normal
Milestone:  3.5              |  Component:  Users
  Version:                   |   Severity:  normal
 Keywords:  has-patch        |
-----------------------------+--------------------------
 '''Problem'''

 Usernames containing the "@" character are mistakenly assumed to be email
 addresses when:

 * wp-login.php - Resetting passwords
 * /wp-admin/user-new.php - Adding an existing user to a site, in multisite
 * /wp-includes/user.php - Searching for a user

 ----

 '''Duplicate'''

 * Create a user with the login "@testing"
 * Verify the account, etc...

 '''Bug in Search'''

 * Visit: wp-admin/network/users.php - attempt to search for: "@testing"
 * Result: no users found
 * What should happen: find the user

 '''Bug in Add New'''

 * Visit: wp-admin/wp-admin/user-new.php - attempt to add: "@testing"
 * Result: no users found
 * What should happen: add the user

 '''Bug in Reset Password'''

 * Visit: wp-login.php - attempt to reset password for: "@testing"
 * Result: retrieve_password() accidentally succeeds, because strpos()
 check returns 0, which is the correct position of the "@" character. If
 the username was "testing@" this test would fail.

 ----

 '''Solution'''

 The attached patch fixes these bugs by using is_email() instead of an
 strpos() for an @ character.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/22367>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
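
The reset-password case described in the ticket, as an added example that is neither WordPress core code nor the attached patch: a truthiness test on strpos() sends "@testing" to the login lookup only because position 0 is falsy, while "testing@" is sent to the email lookup and missed. The user table, the helper names, and the use of filter_var() as a stand-in for is_email() are assumptions made for this illustration.

```php
<?php
// Added illustration; not WordPress core code and not the ticket's patch.

// Constructed sample user table: login => email.
$users = [
    '@testing' => 'at@example.com',
    'testing@' => 'trailing@example.com',
    'alice'    => 'alice@example.com',
];

// Stand-in for is_email() (assumption): PHP's built-in address validator.
function looks_like_email(string $s): bool {
    return filter_var($s, FILTER_VALIDATE_EMAIL) !== false;
}

function find_by_login(array $users, string $login): ?string {
    return array_key_exists($login, $users) ? $login : null;
}

function find_by_email(array $users, string $email): ?string {
    $login = array_search($email, $users, true);
    return $login === false ? null : $login;
}

// Truthiness test on strpos(): position 0 and "not found" (false) are both
// falsy, so only an "@" after the first character selects the email branch.
function lookup_strpos(array $users, string $input): ?string {
    return strpos($input, '@')
        ? find_by_email($users, $input)
        : find_by_login($users, $input);
}

// Classify by whether the whole input validates as an email address.
function lookup_validated(array $users, string $input): ?string {
    return looks_like_email($input)
        ? find_by_email($users, $input)
        : find_by_login($users, $input);
}

// Print which account each strategy resolves for each constructed input.
foreach (['@testing', 'testing@', 'alice', 'alice@example.com'] as $input) {
    printf("%-18s strpos: %-10s validated: %s\n", $input,
        lookup_strpos($users, $input) ?? '(none)',
        lookup_validated($users, $input) ?? '(none)');
}
```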

