[wp-trac] [WordPress Trac] #17904: Multisite has more restrictions on user login character set
WordPress Trac
noreply at wordpress.org
Wed May 4 20:31:56 UTC 2016
#17904: Multisite has more restrictions on user login character set
----------------------------------------+-------------------------
Reporter: duck_ | Owner: jeremyfelt
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 4.6
Component: Login and Registration | Version: 3.0
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses: multisite
----------------------------------------+-------------------------
Changes (by ericlewis):
* keywords: has-patch => has-patch needs-unit-tests
* milestone: Future Release => 4.6
Comment:
The current patch enforces the multisite `user_login` limitations onto
single site, which @jeremyfelt described in comment:19. These new
limitations include:
* `user_login` is forced to at least 4 characters. Why do we enforce that
limitation in multisite? Looks like it was a decision made
[https://github.com/ericandrewlewis/wordpress-
mu/commit/c70dd3a379d82f7fd8f87beeffd65af41f19c244 early on].
* `user_login` cannot only be numbers. With the introduction of newly
allowed characters, this means user_logins like `@@@@` and `....` are
legal. These `user_logins` translate into odd user_nicenames because they
are run through `sanitize_title` and the rest of the business logic that
happens in `wp_insert_user()`.
Moving this to 4.6 for consideration. We'll want some unit tests for
`wp_validate_user_login()`, depending on what we expect to be allowed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/17904#comment:43>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list