[wp-trac] [WordPress Trac] #29696: user_nicename is not being sanitized when updated by wp_update_user()
WordPress Trac
noreply at wordpress.org
Wed Oct 1 13:24:37 UTC 2014
#29696: user_nicename is not being sanitized when updated by wp_update_user()
--------------------------+------------------------------
 Reporter:  joemcgill     |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Users         |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:
--------------------------+------------------------------
Comment (by joemcgill):
Thanks for the clarification. You're correct that the bug is actually a
part of `wp_insert_user()`, though it's usually only exposed when executed
through `wp_update_user()`, which I admittedly didn't explain very well.
The main reason that I would lobby for fixing this is that there are now
popular tools like wp-cli that are being used to access the user APIs
without accessing them through the WordPress UI. In those cases, doing
something like `wp user update ...` could lead to nicenames in the
database that would fail in a user query. Furthermore, I can't think of a
reason why you would ''not'' want to sanitize a user_nicename on an update
using the same rules as an insert.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29696#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
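
An added example, not part of the original message and not WordPress core code: a PHP audit, runnable inside a site with `wp eval-file`, that lists users whose stored `user_nicename` differs from its sanitized form. It assumes `sanitize_title()` is the reference rule; the function name `audit_unsanitized_nicenames`, the file name, the sample rows and the fallback sanitizer are constructed for illustration.

```php
<?php
// Added example, not WordPress core code. Lists users whose stored
// user_nicename differs from its sanitized form.
// Inside WordPress: `wp eval-file audit-nicenames.php` (hypothetical file name).

/**
 * @param array    $users    Objects with ID, user_login and user_nicename.
 * @param callable $sanitize Reference sanitizer (assumed here: sanitize_title).
 * @return array   One row per user whose nicename would change if sanitized.
 */
function audit_unsanitized_nicenames( array $users, callable $sanitize ) {
	$findings = array();
	foreach ( $users as $user ) {
		$stored   = (string) $user->user_nicename;
		$expected = (string) call_user_func( $sanitize, $stored );
		if ( $expected !== $stored ) {
			$findings[] = array(
				'ID'       => (int) $user->ID,
				'login'    => $user->user_login,
				'stored'   => $stored,
				'expected' => $expected,
			);
		}
	}
	return $findings;
}

if ( function_exists( 'get_users' ) && function_exists( 'sanitize_title' ) ) {
	// Real data: fetch only the three columns the audit needs.
	$users    = get_users( array( 'fields' => array( 'ID', 'user_login', 'user_nicename' ) ) );
	$sanitize = 'sanitize_title';
} else {
	// Constructed sample rows and a simplified stand-in sanitizer (NOT
	// WordPress's rules), so the script also runs outside WordPress.
	$users = array(
		(object) array( 'ID' => 1, 'user_login' => 'joe', 'user_nicename' => 'joe' ),
		(object) array( 'ID' => 2, 'user_login' => 'jane', 'user_nicename' => 'Jane Doe!' ),
	);
	$sanitize = function ( $s ) {
		return trim( preg_replace( '/[^a-z0-9]+/', '-', strtolower( $s ) ), '-' );
	};
}

foreach ( audit_unsanitized_nicenames( $users, $sanitize ) as $row ) {
	printf( "user %d (%s): stored '%s', sanitized '%s'\n", $row['ID'], $row['login'], $row['stored'], $row['expected'] );
}
```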