Opened 3 years ago

Closed 3 years ago

#13760 closed defect (bug) (fixed)

Unused validation in wpmu_activate_signup

Reported by: filosofo Owned by:
Priority: normal Milestone: 3.0
Component: Multisite Version: 3.0
Severity: normal Keywords: has-patch
Cc:

Description

wpmu_activate_signup calls wpmu_validate_user_signup without acting on its response.

Patch returns errors, if any are generated by wpmu_validate_user_signup. Otherwise, it uses the username and email as validated by wpmu_validate_user_signup.

Attachments (1)

use-wpmu_validate_user_signup.13760.diff (739 bytes) - added by filosofo 3 years ago.

Download all attachments as: .zip

Change History (7)

filosofo3 years ago

comment:1   ryan3 years ago

The call to wpmu_validate_blog_signup() is the same way.

comment:3   ryan3 years ago

Looks like the validation is done in validate_user_signup() and validate_blog_signup() in wp-signup.php. Does wp_activate_signup() really need to run these again, or can it assume what is pulled from the DB is safe?

comment:4   wpmuguru3 years ago

That patch doesn't work. When it's applied activation fails indicating that the username has already been reserved.

For now, I'm removing the validate calls for both users & sites. I'll leave teh ticket open for patches if someone wants to provide one.

comment:5   wpmuguru3 years ago

(In [15186]) removed unused validation from activation process, see #13760

comment:6   ryan3 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Let's call it done.

Note: See TracTickets for help on using tickets.