Ticket #17904: 17904.2.diff

File 17904.2.diff, 12.7 KB (added by jeremyfelt, 6 years ago)
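--- a/src/wp-admin/includes/user.php
+++ b/src/wp-admin/includes/user.php
@@ -28,7 +28,7 @@
  * @return int user id of the updated user
  */
 function edit_user( $user_id = 0 ) {
-        global $wp_roles, $wpdb;
+        global $wp_roles;
         $user = new stdClass;
         if ( $user_id ) {
                 $update = true;
@@ -39,9 +39,6 @@
                 $update = false;
         }
 
-        if ( !$update && isset( $_POST['user_login'] ) )
-                $user->user_login = sanitize_user($_POST['user_login'], true);
-
         $pass1 = $pass2 = '';
         if ( isset( $_POST['pass1'] ) )
                 $pass1 = $_POST['pass1'];
@@ -102,12 +99,23 @@
         if ( !empty($_POST['use_ssl']) )
                 $user->use_ssl = 1;
 
-        $errors = new WP_Error();
+        if ( ! $update ) {
+                if ( isset( $_POST['user_login'] ) )
+                        $user_login = $_POST['user_login'];
+                else
+                        $user_login = '';
 
-        /* checking that username has been typed */
-        if ( $user->user_login == '' )
-                $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) );
+                $user_login_validation_results = wp_validate_user_login( $user_login );
 
+                if ( isset( $user_login_validation_results['errors'] ) )
+                        $errors = $user_login_validation_results['errors'];
+
+                $user->user_login = $user_login_validation_results['user_login'];
+        }
+
+        if ( ! isset( $errors ) )
+                $errors = new WP_Error();
+
         /* checking the password has been typed twice */
         do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) );
 
@@ -134,12 +142,6 @@
         if ( !empty( $pass1 ) )
                 $user->user_pass = $pass1;
 
-        if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
-                $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
-
-        if ( !$update && username_exists( $user->user_login ) )
-                $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
-
         /* checking e-mail address */
         if ( empty( $user->user_email ) ) {
                 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an e-mail address.' ), array( 'form-field' => 'email' ) );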
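Review bot: The new `if ( ! $update )` branch in edit_user() fails open when the validation result is malformed. wp_validate_user_login() returns its array through `apply_filters( 'wp_validate_user_login', $result )`, so a callback that drops the `errors` key leaves `$errors` unset, the later `if ( ! isset( $errors ) ) $errors = new WP_Error();` turns that into "no username errors", and `$user_login_validation_results['user_login']` is still read unchecked. Inside the branch, a missing or non-`WP_Error` value should count as a failure, for example `else $errors = new WP_Error( 'user_login', __( '<strong>ERROR</strong>: Please enter a valid username.' ) );` after the `isset()` test. The same empty-`WP_Error` fallback appears in wpmu_validate_user_signup() and register_new_user(). Separately, username errors now arrive under the code `user_name` where this function previously used `user_login`, so callers keyed on the old code will stop seeing them; edit_user() starts and ends outside these hunks.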
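--- a/src/wp-includes/ms-functions.php
+++ b/src/wp-includes/ms-functions.php
@@ -424,49 +424,25 @@
  * @uses username_exists()
  * @uses email_exists()
  *
- * @param string $user_name The login name provided by the user.
+ * @param string $user_login The login name provided by the user.
  * @param string $user_email The email provided by the user.
  * @return array Contains username, email, and error messages.
  */
-function wpmu_validate_user_signup($user_name, $user_email) {
+function wpmu_validate_user_signup( $user_login, $user_email ) {
         global $wpdb;
 
-        $errors = new WP_Error();
+        $user_login_validation_result = wp_validate_user_login( $user_login );
 
-        $orig_username = $user_name;
-        $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) );
+        if ( isset( $user_login_validation_result['errors'] ) )
+                $errors = $user_login_validation_result['errors'];
+        else
+                $errors = new WP_Error();
 
-        if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) {
-                $errors->add( 'user_name', __( 'Only lowercase letters (a-z) and numbers are allowed.' ) );
-                $user_name = $orig_username;
-        }
-
         $user_email = sanitize_email( $user_email );
 
-        if ( empty( $user_name ) )
-                $errors->add('user_name', __( 'Please enter a username.' ) );
-
-        $illegal_names = get_site_option( 'illegal_names' );
-        if ( is_array( $illegal_names ) == false ) {
-                $illegal_names = array(  'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' );
-                add_site_option( 'illegal_names', $illegal_names );
-        }
-        if ( in_array( $user_name, $illegal_names ) == true )
-                $errors->add('user_name',  __( 'That username is not allowed.' ) );
-
         if ( is_email_address_unsafe( $user_email ) )
                 $errors->add('user_email',  __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));
 
-        if ( strlen( $user_name ) < 4 )
-                $errors->add('user_name',  __( 'Username must be at least 4 characters.' ) );
-
-        if ( strpos( ' ' . $user_name, '_' ) != false )
-                $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character &#8220;_&#8221;!' ) );
-
-        // all numeric?
-        if ( preg_match( '/^[0-9]*$/', $user_name ) )
-                $errors->add('user_name', __('Sorry, usernames must have letters too!'));
-
         if ( !is_email( $user_email ) )
                 $errors->add('user_email', __( 'Please enter a valid email address.' ) );
 
@@ -477,27 +453,10 @@
                         $errors->add('user_email', __('Sorry, that email address is not allowed!'));
         }
 
-        // Check if the username has been used already.
-        if ( username_exists($user_name) )
-                $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) );
-
         // Check if the email address has been used already.
         if ( email_exists($user_email) )
                 $errors->add( 'user_email', __( 'Sorry, that email address is already used!' ) );
 
-        // Has someone already signed up for this username?
-        $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) );
-        if ( $signup != null ) {
-                $registered_at =  mysql2date('U', $signup->registered);
-                $now = current_time( 'timestamp', true );
-                $diff = $now - $registered_at;
-                // If registered more than two days ago, cancel registration and let this signup go through.
-                if ( $diff > 2 * DAY_IN_SECONDS )
-                        $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_name ) );
-                else
-                        $errors->add('user_name', __('That username is currently reserved but may be available in a couple of days.'));
-        }
-
         $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email) );
         if ( $signup != null ) {
                 $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered);
@@ -508,7 +467,7 @@
                         $errors->add('user_email', __('That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing.'));
         }
 
-        $result = array('user_name' => $user_name, 'orig_username' => $user_login, 'user_email' => $user_email, 'errors' => $errors);
+        $result = array( 'user_name' => $user_login_validation_result['user_login'], 'orig_username' => $user_login, 'user_email' => $user_email, 'errors' => $errors );
 
         return apply_filters('wpmu_validate_user_signup', $result);
 }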
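Review bot: Removing the `preg_match( '/[^a-z0-9]/', $user_name )` rule from wpmu_validate_user_signup() means multisite signups no longer have to be lowercase, but the reserved-name test they now rely on, `in_array( $user_login, $illegal_names )` in wp_validate_user_login(), is still case-sensitive and non-strict. A login that differs from an `illegal_names` entry only in letter case is therefore no longer rejected, which the old lowercase-only rule prevented. Compare case-insensitively and strictly, e.g. `if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_names ), true ) )`. The removed `_` rejection (`strpos( ' ' . $user_name, '_' )`) also has no counterpart in the new function, whose docblock allows `_ . - @`. Whether multisite depends on the narrower character set elsewhere is not visible here and should be confirmed before merging.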
  • src/wp-includes/user.php

     
    12391239}
    12401240
    12411241/**
     1242 * Validate a provided user_login
     1243 *
     1244 * user_login requirements:
     1245 *     - minimum of 4 characters
     1246 *     - only contains (case-insensitive) characters: a-z 0-9 _ . - @
     1247 *     - no whitespace
     1248 *     - not on blacklist of illegal names
     1249 *     - contains at least one letter
     1250 *     - must be unique
     1251 *     - not pending signup already
     1252 *
     1253 * @since 3.7.0
     1254 *
     1255 * @param string $user_login The user_login value to be be validated.
     1256 *
     1257 * @return array Contains user_login, original_user_login, and any generated errors
     1258 */
     1259function wp_validate_user_login( $user_login ) {
     1260        global $wpdb;
     1261
     1262        $original_user_login = $user_login;
     1263        $result = array();
     1264        $result['errors'] = new WP_Error();
     1265
     1266        // User login cannot be empty
     1267        if( empty( $user_login ) )
     1268                $result['errors']->add( 'user_name', __( 'Please enter a username.' ) );
     1269
     1270        // User login must be at least 4 characters
     1271        if ( strlen( $user_login ) < 4 )
     1272                $result['errors']->add( 'user_name',  __( 'Username must be at least 4 characters.' ) );
     1273
     1274        // Strip any whitespace and then match against case insensitive characters a-z 0-9 _ . - @
     1275        $user_login = preg_replace( '/\s+/', '', sanitize_user( $user_login, true ) );
     1276
     1277        // If the previous operation generated a different value, the username is invalid
     1278        if ( $user_login !== $original_user_login )
     1279                $result['errors']->add( 'user_name', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
     1280
     1281        // Check the user_login against an array of illegal names
     1282        $illegal_names = get_site_option( 'illegal_names' );
     1283        if ( false == is_array( $illegal_names ) ) {
     1284                $illegal_names = array(  'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' );
     1285                add_site_option( 'illegal_names', $illegal_names );
     1286        }
     1287
     1288        if ( true === in_array( $user_login, $illegal_names ) )
     1289                $result['errors']->add( 'user_name',  __( 'That username is not allowed.' ) );
     1290
     1291        // User login must have at least one letter
     1292        if ( preg_match( '/^[0-9]*$/', $user_login ) )
     1293                $result['errors']->add( 'user_name', __( 'Sorry, usernames must have letters too!' ) );
     1294
     1295        // Check if the username has been used already.
     1296        if ( username_exists( $user_login ) )
     1297                $result['errors']->add( 'user_name', __( 'Sorry, that username already exists!' ) );
     1298
     1299        if ( is_multisite() ) {
     1300                // Is a signup already pending for this user login?
     1301                $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE user_login = %s ", $user_login ) );
     1302                if ( $signup != null ) {
     1303                        $registered_at =  mysql2date( 'U', $signup->registered );
     1304                        $now = current_time( 'timestamp', true );
     1305                        $diff = $now - $registered_at;
     1306                        // If registered more than two days ago, cancel registration and let this signup go through.
     1307                        if ( $diff > 2 * DAY_IN_SECONDS )
     1308                                $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_login ) );
     1309                        else
     1310                                $result['errors']->add( 'user_name', __( 'That username is currently reserved but may be available in a couple of days.' ) );
     1311                }
     1312        }
     1313
     1314        $result['user_login']          = $user_login;
     1315        $result['original_user_login'] = $original_user_login;
     1316
     1317        return apply_filters( 'wp_validate_user_login', $result );
     1318}
     1319
     1320/**
    12421321 * Insert an user into the database.
    12431322 *
    12441323 * Can update a current user or insert a new user based on whether the user's ID
     
    16021681 * @return int|WP_Error Either user's ID or error on failure.
    16031682 */
    16041683function register_new_user( $user_login, $user_email ) {
    1605         $errors = new WP_Error();
    1606 
    1607         $sanitized_user_login = sanitize_user( $user_login );
    16081684        $user_email = apply_filters( 'user_registration_email', $user_email );
    16091685
    1610         // Check the username
    1611         if ( $sanitized_user_login == '' ) {
    1612                 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
    1613         } elseif ( ! validate_username( $user_login ) ) {
    1614                 $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
    1615                 $sanitized_user_login = '';
    1616         } elseif ( username_exists( $sanitized_user_login ) ) {
    1617                 $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
    1618         }
     1686        $user_login_validation_results = wp_validate_user_login( $user_login );
    16191687
     1688        if ( isset( $user_login_validation_results['errors'] ) )
     1689                $errors = $user_login_validation_results['errors'];
     1690        else
     1691                $errors = new WP_Error();
     1692
    16201693        // Check the e-mail address
    16211694        if ( $user_email == '' ) {
    16221695                $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
     
    16271700                $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
    16281701        }
    16291702
    1630         do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
     1703        do_action( 'register_post', $user_login_validation_results['user_login'], $user_email, $errors );
    16311704
    1632         $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
     1705        $errors = apply_filters( 'registration_errors', $errors, $user_login_validation_results['user_login'], $user_email );
    16331706
    16341707        if ( $errors->get_error_code() )
    16351708                return $errors;
    16361709
    16371710        $user_pass = wp_generate_password( 12, false );
    1638         $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
     1711        $user_id = wp_create_user( $user_login_validation_results['user_login'], $user_pass, $user_email );
    16391712        if ( ! $user_id || is_wp_error( $user_id ) ) {
    16401713                $errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn&#8217;t register you&hellip; please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
    16411714                return $errors;