WordPress.org

Make WordPress Core

Ticket #13162: 13162.2.diff

File 13162.2.diff, 6.1 KB (added by sivel, 8 years ago)
  • wp-login.php

     
    268268 * @param string $user_email User's email address to send password and add
    269269 * @return int|WP_Error Either user's ID or error on failure.
    270270 */
    271 function register_new_user($user_login, $user_email) {
     271function register_new_user( $user_login, $user_email ) {
    272272        $errors = new WP_Error();
    273273
    274         $user_login = sanitize_user( $user_login );
     274        $sanitized_user_login = sanitize_user( $user_login );
    275275        $user_email = apply_filters( 'user_registration_email', $user_email );
    276276
    277277        // Check the username
    278         if ( $user_login == '' )
    279                 $errors->add('empty_username', __('<strong>ERROR</strong>: Please enter a username.'));
    280         elseif ( !validate_username( $user_login ) ) {
    281                 $errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.'));
    282                 $user_login = '';
    283         } elseif ( username_exists( $user_login ) )
    284                 $errors->add('username_exists', __('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
     278        if ( $sanitized_user_login == '' ) {
     279                $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
     280        } elseif ( ! validate_username( $user_login ) ) {
     281                $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
     282                $sanitized_user_login = '';
     283        } elseif ( username_exists( $sanitized_user_login ) ) {
     284                $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered, please choose another one.' ) );
     285        }
    285286
    286287        // Check the e-mail address
    287         if ($user_email == '') {
    288                 $errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.'));
    289         } elseif ( !is_email( $user_email ) ) {
    290                 $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
     288        if ( $user_email == '' ) {
     289                $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
     290        } elseif ( ! is_email( $user_email ) ) {
     291                $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ) );
    291292                $user_email = '';
    292         } elseif ( email_exists( $user_email ) )
    293                 $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'));
     293        } elseif ( email_exists( $user_email ) ) {
     294                $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
     295        }
    294296
    295         do_action('register_post', $user_login, $user_email, $errors);
     297        do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
    296298
    297         $errors = apply_filters( 'registration_errors', $errors, $user_login, $user_email );
     299        $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
    298300
    299301        if ( $errors->get_error_code() )
    300302                return $errors;
    301303
    302304        $user_pass = wp_generate_password();
    303         $user_id = wp_create_user( $user_login, $user_pass, $user_email );
    304         if ( !$user_id ) {
    305                 $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email')));
     305        $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
     306        if ( ! $user_id ) {
     307                $errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
    306308                return $errors;
    307309        }
    308310
    309         update_user_option($user_id, 'default_password_nag', true, true); //Set up the Password change nag.
     311        update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
    310312
    311         wp_new_user_notification($user_id, $user_pass);
     313        wp_new_user_notification( $user_id, $user_pass );
    312314
    313315        return $user_id;
    314316}
  • wp-includes/formatting.php

     
    735735 */
    736736function sanitize_user( $username, $strict = false ) {
    737737        $raw_username = $username;
    738         $username = wp_strip_all_tags($username);
     738        $username = wp_strip_all_tags( $username );
     739        $username = remove_accents( $username );
    739740        // Kill octets
    740         $username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
    741         $username = preg_replace('/&.+?;/', '', $username); // Kill entities
     741        $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
     742        $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
    742743
    743744        // If strict, reduce to ASCII for max portability.
    744745        if ( $strict )
    745                 $username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);
     746                $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
    746747
    747748        // Consolidate contiguous whitespace
    748         $username = preg_replace('|\s+|', ' ', $username);
     749        $username = preg_replace( '|\s+|', ' ', $username );
    749750
    750         return apply_filters('sanitize_user', $username, $raw_username, $strict);
     751        return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
    751752}
    752753
    753754/**
  • wp-admin/includes/user.php

     
    158158        if ( !empty( $pass1 ) )
    159159                $user->user_pass = $pass1;
    160160
    161         if ( !$update && !validate_username( $user->user_login ) )
    162                 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid. Please enter a valid username.' ));
     161        if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
     162                $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
    163163
    164164        if ( !$update && username_exists( $user->user_login ) )
    165165                $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));