[wp-trac] [WordPress Trac] #26784: User registration on multisite: don't allow usernames to be >60 characters long.
WordPress Trac
noreply at wordpress.org
Mon Jan 6 14:59:46 UTC 2014
#26784: User registration on multisite: don't allow usernames to be >60 characters
long.
--------------------------+-----------------------------
 Reporter:  DJPaul        |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Multisite     |     Version:  trunk
 Severity:  normal        |    Keywords:
--------------------------+-----------------------------

In `wpmu_validate_user_signup()` at the "has someone already signed up for
this username?" check, it doesn't work as expected in situations where
`$wpdb->signups` has truncated a new record's `user_login` value down to
its maximum column size (which is 60 characters). The check will never
match any records where the new username is >60 characters.

To recreate on multisite:

1. Register a new user account with a 60-character long username via
`wp-login.php?action=register`.
2. Activate the account via link provided in email, and log in.
3. Everything should work as expected. Log out.
4. Register another new user account; use a different email address. Use
the same username as previously, but add at least 1 extra character to the
end of it.
5. It will accept this username, though you'll be unable to activate the
account. It will say that it's already been activated; look at the record
in the `wp_signups` table and see that `user_login` has been truncated to
the first 60 characters of the string you provided.

The attached patch adds a new validation check to
`wpmu_validate_user_signup()` which rejects the username if it's >60
characters.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/26784>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress blogging software
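
The mismatch described in the ticket, as an added example that is not part of the original ticket, its attached patch, or WordPress core. `SignupsTable`, both check functions and the error codes are hypothetical names; the in-memory table only assumes the behaviour the ticket states, that `user_login` is cut to 60 characters on write.

```php
<?php
// Added illustration, not WordPress core code. SignupsTable is a hypothetical
// in-memory stand-in for $wpdb->signups: it cuts user_login to the column
// size on write, which is the truncation the ticket describes.
const USER_LOGIN_MAX = 60; // column size stated in the ticket

final class SignupsTable
{
    private array $rows = [];

    public function insert(string $login): string
    {
        // Sample logins are ASCII, so byte length equals character length.
        $stored = substr($login, 0, USER_LOGIN_MAX);
        $this->rows[] = $stored;
        return $stored;
    }

    public function has(string $login): bool
    {
        return in_array($login, $this->rows, true);
    }
}

// Lookup only: the full submitted string is compared with stored values.
function checkLookupOnly(SignupsTable $t, string $login): array
{
    return $t->has($login) ? ['taken'] : [];
}

// Length guard first, so an over-long name never reaches lookup or insert.
function checkWithLengthGuard(SignupsTable $t, string $login): array
{
    if (strlen($login) > USER_LOGIN_MAX) {
        return ['too_long'];
    }
    return checkLookupOnly($t, $login);
}

$table  = new SignupsTable();
$first  = str_repeat('a', USER_LOGIN_MAX); // constructed 60-character login
$second = $first . 'b';                    // same login plus one character
$table->insert($first);

printf("lookup-only errors: %s\n", json_encode(checkLookupOnly($table, $second)));
printf("guarded errors: %s\n", json_encode(checkWithLengthGuard($table, $second)));
printf("second login stored as the first: %s\n",
    var_export($table->insert($second) === $first, true));
```

The last line inserts the longer login without any check to show what the table ends up holding; in the guarded flow that insert is never reached.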