Index: wp-includes/capabilities.php
===================================================================
--- wp-includes/capabilities.php	(revision 21827)
+++ wp-includes/capabilities.php	(working copy)
@@ -526,7 +526,7 @@
 			$value = trim( $value );
 		}
 
-		if ( !$value )
+		if ( !isset($value) )
 			return false;
 
 		switch ( $field ) {
Index: wp-includes/user.php
===================================================================
--- wp-includes/user.php	(revision 21827)
+++ wp-includes/user.php	(working copy)
@@ -24,14 +24,13 @@
  */
 function wp_signon( $credentials = '', $secure_cookie = '' ) {
 	if ( empty($credentials) ) {
-		if ( ! empty($_POST['log']) )
+		if ( isset($_POST['log']) )
 			$credentials['user_login'] = $_POST['log'];
 		if ( ! empty($_POST['pwd']) )
 			$credentials['user_password'] = $_POST['pwd'];
 		if ( ! empty($_POST['rememberme']) )
 			$credentials['remember'] = $_POST['rememberme'];
 	}
-
 	if ( !empty($credentials['remember']) )
 		$credentials['remember'] = true;
 	else
@@ -51,7 +50,6 @@
 	add_filter('authenticate', 'wp_authenticate_cookie', 30, 3);
 
 	$user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
-
 	if ( is_wp_error($user) ) {
 		if ( $user->get_error_codes() == array('empty_username', 'empty_password') ) {
 			$user = new WP_Error('', '');
@@ -71,11 +69,10 @@
 add_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
 function wp_authenticate_username_password($user, $username, $password) {
 	if ( is_a($user, 'WP_User') ) { return $user; }
-
-	if ( empty($username) || empty($password) ) {
+	if ( !isset($username) || empty($password) ) {
 		$error = new WP_Error();
 
-		if ( empty($username) )
+		if ( !isset($username) )
 			$error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
 
 		if ( empty($password) )
@@ -83,9 +80,7 @@
 
 		return $error;
 	}
-
 	$user = get_user_by('login', $username);
-
 	if ( !$user )
 		return new WP_Error('invalid_username', sprintf(__('<strong>ERROR</strong>: Invalid username. <a href="%s" title="Password Lost and Found">Lost your password</a>?'), wp_lostpassword_url()));
 
@@ -1032,14 +1027,14 @@
 			$_selected = selected( $user->ID, $selected, false );
 			if ( $_selected )
 				$found_selected = true;
-			$display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')';
+			$display = isset($user->$show) && strlen($user->$show) ? $user->$show : '('. $user->user_login . ')';
 			$output .= "\t<option value='$user->ID'$_selected>" . esc_html($display) . "</option>\n";
 		}
 
 		if ( $include_selected && ! $found_selected && ( $selected > 0 ) ) {
 			$user = get_userdata( $selected );
 			$_selected = selected( $user->ID, $selected, false );
-			$display = !empty($user->$show) ? $user->$show : '('. $user->user_login . ')';
+			$display = isset($user->$show) && strlen($user->$show) ? $user->$show : '('. $user->user_login . ')';
 			$output .= "\t<option value='$user->ID'$_selected>" . esc_html($display) . "</option>\n";
 		}
 
@@ -1279,7 +1274,7 @@
 	//Remove any non-printable chars from the login string to see if we have ended up with an empty username
 	$user_login = trim($user_login);
 
-	if ( empty($user_login) )
+	if ( !isset($user_login) || !strlen($user_login) )
 		return new WP_Error('empty_user_login', __('Cannot create a user with an empty login name.') );
 
 	if ( !$update && username_exists( $user_login ) )