[wp-trac] [WordPress Trac] #44347: WP allows creating username that is already used email address
WordPress Trac
noreply at wordpress.org
Mon Jun 11 14:25:37 UTC 2018
#44347: WP allows creating username that is already used email address
---------------------------+------------------------------
Reporter: phillipburger | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
---------------------------+------------------------------
Comment (by subrataemfluence):
Good find!!
Adding additional guard for checking the existence of username supplied in
email field in core functionality should resolve the issue.
Possible solution:
{{{
File name: includes/user.php.
Function: edit_user
}}}
Addition:
{{{#!php
<?php
if ( ! $update && email_exists( $user->user_login ) ) {
$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username
is invalid because it is already in use as email address of another
account.' ) );
}
}}}
{{{
File: wp-includes/user.php
Function: register_new_user
}}}
Addition:
{{{#!php
<?php
if ( $user_email == '' ) {
...
} elseif ( ! is_email( $user_email ) ) {
...
} elseif ( email_exists( $user_email ) ) {
...
} elseif ( email_exists( $sanitized_user_login ) ) {
$errors->add( 'email_exists', __( '<strong>ERROR</strong>: This
username is invalid because it is already in use as email address of
another account.' ) );
}
}}}
I think adding the check into the core itself will prevent additional
filter and functions.
Please let me know if this makes some sense.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44347#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list