[wp-trac] [WordPress Trac] #29696: user_nicename is not being sanitized when updated by wp_update_user()
WordPress Trac
noreply at wordpress.org
Mon Sep 29 12:16:06 UTC 2014
#29696: user_nicename is not being sanitized when updated by wp_update_user()
--------------------------+------------------------------
Reporter: joemcgill | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+------------------------------
Comment (by sareiodata):
I've tested the issue and managed to replicate it.
However, the bug is explained incorrectly (the patch is correct).
It's not wp_update_user that's causing problems, it's wp_insert_user().
wp_insert_user doesn't sanitize the user_nicename if you transmit it like
a parameter like so:
`wp_insert_user(array('user_login'=>'johndoe','user_pass'=>'pass','user_nicename'=>'john.doe'));`
Applied the patch, tested it again and the nicename is correctly
sanitized. Also the code is straightforward.
The question is, since this will be used by developers primarily, SHOULD
we sanitize the nicename or let the developer do that? Input from
someone else would be welcome.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29696#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
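
An added example, not part of the ticket or its patch: a PHP audit that lists accounts whose stored user_nicename is not already in sanitized form, which is the state the wp_insert_user() call quoted above leaves behind. It assumes sanitize_title() as the reference sanitizer (the ticket text does not name the function the patch calls) and a loaded WordPress install, for example via WP-CLI's `wp eval-file`; find_unsanitized_nicenames() and the file name are hypothetical.

```php
<?php
// Added example, not code from the ticket or its patch.
// Assumption: sanitize_title() is the reference sanitizer for nicenames.
// Run inside WordPress, e.g.: wp eval-file audit-nicenames.php

/**
 * Return one row per user whose stored nicename changes when sanitized.
 *
 * @param iterable $users     Objects with ID, user_login, user_nicename.
 * @param callable $sanitizer Maps a raw nicename to its sanitized form.
 * @return array[]
 */
function find_unsanitized_nicenames( $users, $sanitizer ) {
    $findings = array();
    foreach ( $users as $user ) {
        $expected = call_user_func( $sanitizer, $user->user_nicename );
        if ( $expected !== $user->user_nicename ) {
            $findings[] = array(
                'ID'       => (int) $user->ID,
                'login'    => $user->user_login,
                'stored'   => $user->user_nicename,
                'expected' => $expected,
            );
        }
    }
    return $findings;
}

if ( function_exists( 'get_users' ) ) {
    // Inside WordPress: audit the real user table.
    $users     = get_users( array( 'fields' => array( 'ID', 'user_login', 'user_nicename' ) ) );
    $sanitizer = 'sanitize_title';
} else {
    // Outside WordPress: constructed sample rows and a rough stand-in
    // sanitizer, so the script still runs. Not WordPress's exact rules.
    $users = array(
        (object) array( 'ID' => 1, 'user_login' => 'admin', 'user_nicename' => 'admin' ),
        (object) array( 'ID' => 2, 'user_login' => 'johndoe', 'user_nicename' => 'john.doe' ),
    );
    $sanitizer = function ( $s ) {
        return strtolower( trim( preg_replace( '/[^A-Za-z0-9_-]+/', '-', $s ), '-' ) );
    };
}

foreach ( find_unsanitized_nicenames( $users, $sanitizer ) as $row ) {
    // JSON output keeps odd characters in stored values from garbling the terminal.
    echo json_encode( $row ), "\n";
}
```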