
Ticket #13162: 13162.diff

File 13162.diff, 4.3 KB (added by sivel, 5 years ago)

Make user validations actually work and tweak the error messages

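--- a/wp-login.php
+++ b/wp-login.php
@@ -271,16 +271,16 @@
 function register_new_user($user_login, $user_email) {
         $errors = new WP_Error();
 
-        $user_login = sanitize_user( $user_login );
+        $sanitized_user_login = sanitize_user( $user_login );
         $user_email = apply_filters( 'user_registration_email', $user_email );
 
         // Check the username
-        if ( $user_login == '' )
+        if ( $sanitized_user_login == '' )
                 $errors->add('empty_username', __('<strong>ERROR</strong>: Please enter a username.'));
         elseif ( !validate_username( $user_login ) ) {
-                $errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.'));
-                $user_login = '';
-        } elseif ( username_exists( $user_login ) )
+                $errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid because it uses characters illegal characters. Please enter a valid username.'));
+                $sanitized_user_login = '';
+        } elseif ( username_exists( $sanitized_user_login ) )
                 $errors->add('username_exists', __('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
 
         // Check the e-mail address
@@ -292,15 +292,15 @@
         } elseif ( email_exists( $user_email ) )
                 $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'));
 
-        do_action('register_post', $user_login, $user_email, $errors);
+        do_action('register_post', $sanitized_user_login, $user_email, $errors);
 
-        $errors = apply_filters( 'registration_errors', $errors, $user_login, $user_email );
+        $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
 
         if ( $errors->get_error_code() )
                 return $errors;
 
         $user_pass = wp_generate_password();
-        $user_id = wp_create_user( $user_login, $user_pass, $user_email );
+        $user_id = wp_create_user( $saitized_user_login, $user_pass, $user_email );
         if ( !$user_id ) {
                 $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email')));
                 return $errors;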
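Review bot: The new `wp_create_user()` call at new line 303 passes `$saitized_user_login`, a misspelling of `$sanitized_user_login`, so the variable is undefined at that point and the function would receive null instead of the login that was just sanitised and checked; it should read `$user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );`. The reworded `invalid_username` message at new line 281 also repeats a word ("uses characters illegal characters"); `uses illegal characters` reads correctly, and the same string is added in wp-admin/includes/user.php. The body of register_new_user() continues past the end of this section.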
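--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -735,19 +735,20 @@
  */
 function sanitize_user( $username, $strict = false ) {
         $raw_username = $username;
-        $username = wp_strip_all_tags($username);
+        $username = wp_strip_all_tags( $username );
+        $username = remove_accents( $username );
         // Kill octets
-        $username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
-        $username = preg_replace('/&.+?;/', '', $username); // Kill entities
+        $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
+        $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
 
         // If strict, reduce to ASCII for max portability.
         if ( $strict )
-                $username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);
+                $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
 
         // Consolidate contiguous whitespace
-        $username = preg_replace('|\s+|', ' ', $username);
+        $username = preg_replace( '|\s+|', ' ', $username );
 
-        return apply_filters('sanitize_user', $username, $raw_username, $strict);
+        return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
 }
 
 /**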
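Review bot: The added `remove_accents( $username )` call at new line 739 runs for every caller of sanitize_user(), not only when `$strict` is set, so an accented and an unaccented spelling of a name now reduce to the same login. If other code paths sanitise a submitted name before looking the account up (not visible here), existing accounts whose stored login contains accented characters may stop matching. Consider applying it only in the strict branch, `if ( $strict ) { $username = remove_accents( $username ); $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username ); }`, or describe the new folding in the docblock, which ends at line 735 and begins outside this hunk. The remaining changes in the section are spacing only.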
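--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -158,8 +158,8 @@
         if ( !empty( $pass1 ) )
                 $user->user_pass = $pass1;
 
-        if ( !$update && !validate_username( $user->user_login ) )
-                $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid. Please enter a valid username.' ));
+        if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
+                $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses characters illegal characters. Please enter a valid username.' ));
 
         if ( !$update && username_exists( $user->user_login ) )
                 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));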
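Review bot: The rewritten check at new line 161 validates `$_POST['user_login']`, but the `username_exists()` check at line 164 still uses `$user->user_login`, and the added `isset()` guard skips validation altogether when the field is absent from the request. If `$user->user_login` can be populated from anywhere else (its assignment is outside this hunk), an invalid name would pass unchecked. Falling back to the object keeps the check fail-closed: `$raw_login = isset( $_POST['user_login'] ) ? $_POST['user_login'] : $user->user_login;` followed by `if ( !$update && !validate_username( $raw_login ) )`. The enclosing function starts and ends outside the hunk.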