Ticket #17904: 17904.2.diff
File 17904.2.diff, 12.7 KB (added by , 11 years ago) |
---|
-
src/wp-admin/includes/user.php
28 28 * @return int user id of the updated user 29 29 */ 30 30 function edit_user( $user_id = 0 ) { 31 global $wp_roles , $wpdb;31 global $wp_roles; 32 32 $user = new stdClass; 33 33 if ( $user_id ) { 34 34 $update = true; … … 39 39 $update = false; 40 40 } 41 41 42 if ( !$update && isset( $_POST['user_login'] ) )43 $user->user_login = sanitize_user($_POST['user_login'], true);44 45 42 $pass1 = $pass2 = ''; 46 43 if ( isset( $_POST['pass1'] ) ) 47 44 $pass1 = $_POST['pass1']; … … 102 99 if ( !empty($_POST['use_ssl']) ) 103 100 $user->use_ssl = 1; 104 101 105 $errors = new WP_Error(); 102 if ( ! $update ) { 103 if ( isset( $_POST['user_login'] ) ) 104 $user_login = $_POST['user_login']; 105 else 106 $user_login = ''; 106 107 107 /* checking that username has been typed */ 108 if ( $user->user_login == '' ) 109 $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) ); 108 $user_login_validation_results = wp_validate_user_login( $user_login ); 110 109 110 if ( isset( $user_login_validation_results['errors'] ) ) 111 $errors = $user_login_validation_results['errors']; 112 113 $user->user_login = $user_login_validation_results['user_login']; 114 } 115 116 if ( ! isset( $errors ) ) 117 $errors = new WP_Error(); 118 111 119 /* checking the password has been typed twice */ 112 120 do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) ); 113 121 … … 134 142 if ( !empty( $pass1 ) ) 135 143 $user->user_pass = $pass1; 136 144 137 if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )138 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));139 140 if ( !$update && username_exists( $user->user_login ) )141 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' 
));142 143 145 /* checking e-mail address */ 144 146 if ( empty( $user->user_email ) ) { 145 147 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an e-mail address.' ), array( 'form-field' => 'email' ) ); -
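Review bot: In the new `if ( ! $update )` block, `$_POST['user_login']` is handed to `wp_validate_user_login()` without checking that it is a string, so a request that submits the field as an array reaches the `strlen()` and `preg_replace()` calls inside the validator. Normalising at the boundary keeps the validator's input well-typed: `$user_login = ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) ? $_POST['user_login'] : '';`. The block also reads `$user_login_validation_results['user_login']` unconditionally while guarding `['errors']` with `isset()`; because the result passes through the `wp_validate_user_login` filter, both keys deserve the same guard. The body of `edit_user()` continues outside the hunks shown.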
src/wp-includes/ms-functions.php
424 424 * @uses username_exists() 425 425 * @uses email_exists() 426 426 * 427 * @param string $user_ nameThe login name provided by the user.427 * @param string $user_login The login name provided by the user. 428 428 * @param string $user_email The email provided by the user. 429 429 * @return array Contains username, email, and error messages. 430 430 */ 431 function wpmu_validate_user_signup( $user_name, $user_email) {431 function wpmu_validate_user_signup( $user_login, $user_email ) { 432 432 global $wpdb; 433 433 434 $ errors = new WP_Error();434 $user_login_validation_result = wp_validate_user_login( $user_login ); 435 435 436 $orig_username = $user_name; 437 $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); 436 if ( isset( $user_login_validation_result['errors'] ) ) 437 $errors = $user_login_validation_result['errors']; 438 else 439 $errors = new WP_Error(); 438 440 439 if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) {440 $errors->add( 'user_name', __( 'Only lowercase letters (a-z) and numbers are allowed.' ) );441 $user_name = $orig_username;442 }443 444 441 $user_email = sanitize_email( $user_email ); 445 442 446 if ( empty( $user_name ) )447 $errors->add('user_name', __( 'Please enter a username.' ) );448 449 $illegal_names = get_site_option( 'illegal_names' );450 if ( is_array( $illegal_names ) == false ) {451 $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' );452 add_site_option( 'illegal_names', $illegal_names );453 }454 if ( in_array( $user_name, $illegal_names ) == true )455 $errors->add('user_name', __( 'That username is not allowed.' ) );456 457 443 if ( is_email_address_unsafe( $user_email ) ) 458 444 $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. 
Please use another email provider.')); 459 445 460 if ( strlen( $user_name ) < 4 )461 $errors->add('user_name', __( 'Username must be at least 4 characters.' ) );462 463 if ( strpos( ' ' . $user_name, '_' ) != false )464 $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character “_”!' ) );465 466 // all numeric?467 if ( preg_match( '/^[0-9]*$/', $user_name ) )468 $errors->add('user_name', __('Sorry, usernames must have letters too!'));469 470 446 if ( !is_email( $user_email ) ) 471 447 $errors->add('user_email', __( 'Please enter a valid email address.' ) ); 472 448 … … 477 453 $errors->add('user_email', __('Sorry, that email address is not allowed!')); 478 454 } 479 455 480 // Check if the username has been used already.481 if ( username_exists($user_name) )482 $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) );483 484 456 // Check if the email address has been used already. 485 457 if ( email_exists($user_email) ) 486 458 $errors->add( 'user_email', __( 'Sorry, that email address is already used!' 
) ); 487 459 488 // Has someone already signed up for this username?489 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) );490 if ( $signup != null ) {491 $registered_at = mysql2date('U', $signup->registered);492 $now = current_time( 'timestamp', true );493 $diff = $now - $registered_at;494 // If registered more than two days ago, cancel registration and let this signup go through.495 if ( $diff > 2 * DAY_IN_SECONDS )496 $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_name ) );497 else498 $errors->add('user_name', __('That username is currently reserved but may be available in a couple of days.'));499 }500 501 460 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email) ); 502 461 if ( $signup != null ) { 503 462 $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered); … … 508 467 $errors->add('user_email', __('That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing.')); 509 468 } 510 469 511 $result = array( 'user_name' => $user_name, 'orig_username' => $orig_username, 'user_email' => $user_email, 'errors' => $errors);470 $result = array( 'user_name' => $user_login_validation_result['user_login'], 'orig_username' => $user_login, 'user_email' => $user_email, 'errors' => $errors ); 512 471 513 472 return apply_filters('wpmu_validate_user_signup', $result); 514 473 } -
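Review bot: The lowercase-alphanumeric rule that `wpmu_validate_user_signup()` used to enforce (`preg_match( '/[^a-z0-9]/', ... )` plus the explicit `_` rejection) has no counterpart after this change, because `wp_validate_user_login()` documents a wider, case-insensitive set (`a-z 0-9 _ . - @`). If network signups are meant to stay restricted, keep the stricter test here after the shared call, e.g. `if ( preg_match( '/[^a-z0-9]/', $user_login ) ) $errors->add( 'user_name', __( 'Only lowercase letters (a-z) and numbers are allowed.' ) );`. If the relaxation is intended, the docblock should say so, since code consuming the `wpmu_validate_user_signup` result may still assume the old guarantee. The returned `'user_name'` is also now the sanitized value even when validation failed, where the old code restored the original input.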
src/wp-includes/user.php
1239 1239 } 1240 1240 1241 1241 /** 1242 * Validate a provided user_login 1243 * 1244 * user_login requirements: 1245 * - minimum of 4 characters 1246 * - only contains (case-insensitive) characters: a-z 0-9 _ . - @ 1247 * - no whitespace 1248 * - not on blacklist of illegal names 1249 * - contains at least one letter 1250 * - must be unique 1251 * - not pending signup already 1252 * 1253 * @since 3.7.0 1254 * 1255 * @param string $user_login The user_login value to be be validated. 1256 * 1257 * @return array Contains user_login, original_user_login, and any generated errors 1258 */ 1259 function wp_validate_user_login( $user_login ) { 1260 global $wpdb; 1261 1262 $original_user_login = $user_login; 1263 $result = array(); 1264 $result['errors'] = new WP_Error(); 1265 1266 // User login cannot be empty 1267 if( empty( $user_login ) ) 1268 $result['errors']->add( 'user_name', __( 'Please enter a username.' ) ); 1269 1270 // User login must be at least 4 characters 1271 if ( strlen( $user_login ) < 4 ) 1272 $result['errors']->add( 'user_name', __( 'Username must be at least 4 characters.' ) ); 1273 1274 // Strip any whitespace and then match against case insensitive characters a-z 0-9 _ . - @ 1275 $user_login = preg_replace( '/\s+/', '', sanitize_user( $user_login, true ) ); 1276 1277 // If the previous operation generated a different value, the username is invalid 1278 if ( $user_login !== $original_user_login ) 1279 $result['errors']->add( 'user_name', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' 
) ); 1280 1281 // Check the user_login against an array of illegal names 1282 $illegal_names = get_site_option( 'illegal_names' ); 1283 if ( false == is_array( $illegal_names ) ) { 1284 $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); 1285 add_site_option( 'illegal_names', $illegal_names ); 1286 } 1287 1288 if ( true === in_array( $user_login, $illegal_names ) ) 1289 $result['errors']->add( 'user_name', __( 'That username is not allowed.' ) ); 1290 1291 // User login must have at least one letter 1292 if ( preg_match( '/^[0-9]*$/', $user_login ) ) 1293 $result['errors']->add( 'user_name', __( 'Sorry, usernames must have letters too!' ) ); 1294 1295 // Check if the username has been used already. 1296 if ( username_exists( $user_login ) ) 1297 $result['errors']->add( 'user_name', __( 'Sorry, that username already exists!' ) ); 1298 1299 if ( is_multisite() ) { 1300 // Is a signup already pending for this user login? 1301 $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE user_login = %s ", $user_login ) ); 1302 if ( $signup != null ) { 1303 $registered_at = mysql2date( 'U', $signup->registered ); 1304 $now = current_time( 'timestamp', true ); 1305 $diff = $now - $registered_at; 1306 // If registered more than two days ago, cancel registration and let this signup go through. 1307 if ( $diff > 2 * DAY_IN_SECONDS ) 1308 $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_login ) ); 1309 else 1310 $result['errors']->add( 'user_name', __( 'That username is currently reserved but may be available in a couple of days.' ) ); 1311 } 1312 } 1313 1314 $result['user_login'] = $user_login; 1315 $result['original_user_login'] = $original_user_login; 1316 1317 return apply_filters( 'wp_validate_user_login', $result ); 1318 } 1319 1320 /** 1242 1321 * Insert an user into the database. 
1243 1322 * 1244 1323 * Can update a current user or insert a new user based on whether the user's ID … … 1602 1681 * @return int|WP_Error Either user's ID or error on failure. 1603 1682 */ 1604 1683 function register_new_user( $user_login, $user_email ) { 1605 $errors = new WP_Error();1606 1607 $sanitized_user_login = sanitize_user( $user_login );1608 1684 $user_email = apply_filters( 'user_registration_email', $user_email ); 1609 1685 1610 // Check the username 1611 if ( $sanitized_user_login == '' ) { 1612 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) ); 1613 } elseif ( ! validate_username( $user_login ) ) { 1614 $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); 1615 $sanitized_user_login = ''; 1616 } elseif ( username_exists( $sanitized_user_login ) ) { 1617 $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) ); 1618 } 1686 $user_login_validation_results = wp_validate_user_login( $user_login ); 1619 1687 1688 if ( isset( $user_login_validation_results['errors'] ) ) 1689 $errors = $user_login_validation_results['errors']; 1690 else 1691 $errors = new WP_Error(); 1692 1620 1693 // Check the e-mail address 1621 1694 if ( $user_email == '' ) { 1622 1695 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) ); … … 1627 1700 $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' 
) ); 1628 1701 } 1629 1702 1630 do_action( 'register_post', $ sanitized_user_login, $user_email, $errors );1703 do_action( 'register_post', $user_login_validation_results['user_login'], $user_email, $errors ); 1631 1704 1632 $errors = apply_filters( 'registration_errors', $errors, $ sanitized_user_login, $user_email );1705 $errors = apply_filters( 'registration_errors', $errors, $user_login_validation_results['user_login'], $user_email ); 1633 1706 1634 1707 if ( $errors->get_error_code() ) 1635 1708 return $errors; 1636 1709 1637 1710 $user_pass = wp_generate_password( 12, false ); 1638 $user_id = wp_create_user( $ sanitized_user_login, $user_pass, $user_email );1711 $user_id = wp_create_user( $user_login_validation_results['user_login'], $user_pass, $user_email ); 1639 1712 if ( ! $user_id || is_wp_error( $user_id ) ) { 1640 1713 $errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn’t register you… please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) ); 1641 1714 return $errors;
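Review bot: The reserved-name check in `wp_validate_user_login()` uses `in_array( $user_login, $illegal_names )`, which is case-sensitive, while the function's own docblock says logins are accepted case-insensitively, so a mixed-case variant of a listed name is not matched. Comparing lowercased values with strict matching closes that gap: `if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_names ), true ) )`. The same function also deletes stale rows from `$wpdb->signups` as a side effect of validation. That deserves a line in the docblock now that `edit_user()` and `register_new_user()` call it as well.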