[wp-trac] [WordPress Trac] #39645: If user "admin" doesn't exist (renamed admin account) users can create a user with username admin

WordPress Trac noreply at wordpress.org
Thu Jan 6 08:42:58 UTC 2022


#39645: If user "admin" doesn't exist (renamed admin account) users can create a
user with username admin
--------------------------+------------------------------
 Reporter:  jobst         |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Users         |     Version:  4.7.1
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:
--------------------------+------------------------------

Comment (by jobst):

 I would even go so far as using
 '''
 strncasecmp(strtolower($sanitized_user_login), 'admin', 5)
 '''
 for the comparison, anything starting with "admin" would be disallowed.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/39645#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list