Ticket #17904: 17904.3.diff
File 17904.3.diff, 13.0 KB (added by , 9 years ago) |
-
src/wp-admin/includes/user.php
20 20 /** 21 21 * Edit user settings based on contents of $_POST 22 22 * 23 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.23 * Used on user-edit.php, user-new.php, and profile.php to manage and process user options, passwords etc. 24 24 * 25 25 * @since 2.0.0 26 26 * … … 39 39 $update = false; 40 40 } 41 41 42 if ( !$update && isset( $_POST['user_login'] ) )43 $user->user_login = sanitize_user($_POST['user_login'], true);44 45 42 $pass1 = $pass2 = ''; 46 43 if ( isset( $_POST['pass1'] ) ) 47 44 $pass1 = $_POST['pass1']; … … 104 101 105 102 $errors = new WP_Error(); 106 103 107 /* checking that username has been typed*/108 if ( $user->user_login == '' )109 $ errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) );104 /* Validate the user_login when not updating the user */ 105 if ( ! $update ) { 106 $user_login = ''; 110 107 108 if ( isset( $_POST['user_login'] ) ) { 109 $user_login = $_POST['user_login']; 110 } 111 112 $user->user_login = wp_validate_user_login( $user_login, $errors ); 113 } 114 111 115 /* checking that nickname has been typed */ 112 116 if ( $update && empty( $user->nickname ) ) { 113 117 $errors->add( 'nickname', __( '<strong>ERROR</strong>: Please enter a nickname.' ) ); … … 142 146 if ( !empty( $pass1 ) ) 143 147 $user->user_pass = $pass1; 144 148 145 if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )146 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));147 148 if ( !$update && username_exists( $user->user_login ) )149 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));150 151 149 /** This filter is documented in wp-includes/user.php */ 152 150 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); 153 151 -
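Review bot: Username errors for a new user now carry the code `user_name` instead of `user_login`, because `wp_validate_user_login()` (added in src/wp-includes/user.php) always calls `$errors->add( 'user_name', … )` while the lines removed here used `'user_login'`. Anything that looks errors up by the old code, such as field highlighting on the add-user screen or a plugin inspecting the result, would presumably stop seeing them; either let the helper take the error code as a parameter or state the change in its docblock. The new block also deserves a comment such as `// The sanitized login is returned even when errors were added; $errors must be checked before the user is saved.`, since edit_user's body continues outside the hunk and that check is not visible here.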
src/wp-includes/ms-functions.php
400 400 * 401 401 * @global wpdb $wpdb WordPress database abstraction object. 402 402 * 403 * @param string $user_ nameThe login name provided by the user.403 * @param string $user_login The login name provided by the user. 404 404 * @param string $user_email The email provided by the user. 405 405 * @return array Contains username, email, and error messages. 406 406 */ 407 function wpmu_validate_user_signup( $user_name, $user_email) {407 function wpmu_validate_user_signup( $user_login, $user_email ) { 408 408 global $wpdb; 409 409 410 410 $errors = new WP_Error(); 411 412 $orig_username = $user_name; 413 $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); 414 415 if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) { 416 $errors->add( 'user_name', __( 'Usernames can only contain lowercase letters (a-z) and numbers.' ) ); 417 $user_name = $orig_username; 418 } 419 411 $orig_userlogin = $user_login; 412 $user_login = wp_validate_user_login( $user_login, $errors ); 420 413 $user_email = sanitize_email( $user_email ); 421 414 422 if ( empty( $user_name ) )423 $errors->add('user_name', __( 'Please enter a username.' ) );424 425 $illegal_names = get_site_option( 'illegal_names' );426 if ( ! is_array( $illegal_names ) ) {427 $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' );428 add_site_option( 'illegal_names', $illegal_names );429 }430 if ( in_array( $user_name, $illegal_names ) ) {431 $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );432 }433 434 /** This filter is documented in wp-includes/user.php */435 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );436 437 if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ) ) ) {438 $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' 
) );439 }440 441 415 if ( is_email_address_unsafe( $user_email ) ) 442 416 $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.')); 443 417 444 if ( strlen( $user_name ) < 4 )445 $errors->add('user_name', __( 'Username must be at least 4 characters.' ) );446 447 if ( strlen( $user_name ) > 60 ) {448 $errors->add( 'user_name', __( 'Username may not be longer than 60 characters.' ) );449 }450 451 // all numeric?452 if ( preg_match( '/^[0-9]*$/', $user_name ) )453 $errors->add('user_name', __('Sorry, usernames must have letters too!'));454 455 418 if ( !is_email( $user_email ) ) 456 419 $errors->add('user_email', __( 'Please enter a valid email address.' ) ); 457 420 … … 463 426 } 464 427 } 465 428 466 // Check if the username has been used already.467 if ( username_exists($user_name) )468 $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) );469 470 429 // Check if the email address has been used already. 471 430 if ( email_exists($user_email) ) 472 431 $errors->add( 'user_email', __( 'Sorry, that email address is already used!' ) ); 473 432 474 433 // Has someone already signed up for this username? 475 $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) );434 $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_login ) ); 476 435 if ( $signup != null ) { 477 436 $registered_at = mysql2date('U', $signup->registered); 478 437 $now = current_time( 'timestamp', true ); … … 479 438 $diff = $now - $registered_at; 480 439 // If registered more than two days ago, cancel registration and let this signup go through. 
481 440 if ( $diff > 2 * DAY_IN_SECONDS ) 482 $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_ name) );441 $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_login ) ); 483 442 else 484 443 $errors->add('user_name', __('That username is currently reserved but may be available in a couple of days.')); 485 444 } … … 494 453 $errors->add('user_email', __('That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing.')); 495 454 } 496 455 497 $result = array( 'user_name' => $user_name, 'orig_username' => $orig_username, 'user_email' => $user_email, 'errors' => $errors);456 $result = array( 'user_name' => $user_login, 'orig_username' => $orig_userlogin, 'user_email' => $user_email, 'errors' => $errors ); 498 457 499 458 /** 500 459 * Filter the validated user registration details. -
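Review bot: Mixed-case and punctuated logins appear to be accepted for multisite signups now, since the removed `preg_match( '/[^a-z0-9]/', $user_name )` was the only lowercase-alphanumeric check and `wp_validate_user_login()` documents a case-insensitive set `a-z 0-9 _ . - @`. The data provider in tests/phpunit/tests/multisite/wpmuValidateUserSignup.php still expects `'ContainsCaps'` to yield a `user_name` error, so either that expectation or the validator is out of step. If the stricter multisite policy is meant to stay, keep it after the shared call, for example `if ( $user_login !== strtolower( $user_login ) ) {` followed by the existing `$errors->add( 'user_name', … )`. On failure `$user_login` is also no longer reset to the submitted value, so the `$wpdb->signups` lookup and the stale-signup `delete()` now run on the sanitized name rather than on what the visitor typed.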
src/wp-includes/user.php
2225 2225 } 2226 2226 2227 2227 /** 2228 * Validate a provided user_login 2229 * 2230 * user_login requirements: 2231 * - minimum of 4 characters 2232 * - maximum of 60 characters 2233 * - only contains (case-insensitive) characters: a-z 0-9 _ . - @ 2234 * - no whitespace 2235 * - not on blacklist of illegal names 2236 * - contains at least one letter 2237 * - must be unique 2238 * - not pending signup already 2239 * 2240 * @since TBD 2241 * 2242 * @param string $user_login The user_login value to be be validated. 2243 * 2244 * @return array Contains user_login, original_user_login, and any generated errors 2245 */ 2246 function wp_validate_user_login( $user_login = '', $errors = null ) { 2247 $original_user_login = $user_login; 2248 2249 if ( ! is_wp_error( $errors ) ) { 2250 $errors = new WP_Error(); 2251 } 2252 2253 // User login cannot be empty 2254 if ( empty( $user_login ) ) { 2255 $errors->add( 'user_name', __( 'Please enter a username.' ) ); 2256 } 2257 2258 // User login must be at least 4 characters 2259 if ( strlen( $user_login ) < 4 ) { 2260 $errors->add( 'user_name', __( 'Username must be at least 4 characters.' ) ); 2261 } 2262 2263 // User login must be less than 60 characters 2264 if ( strlen( $user_login ) > 60 ) { 2265 $errors->add( 'user_name', __( 'Username may not be longer than 60 characters.' ) ); 2266 } 2267 2268 // Strip any whitespace and then match against case insensitive characters a-z 0-9 _ . - @ 2269 $user_login = preg_replace( '/\s+/', '', sanitize_user( $user_login, true ) ); 2270 2271 // If the previous operation generated a different value, the username is invalid 2272 if ( $user_login !== $original_user_login ) { 2273 $errors->add( 'user_name', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' 
) ); 2274 } 2275 2276 // Check the user_login against an array of illegal names 2277 $illegal_names = get_site_option( 'illegal_names' ); 2278 if ( false == is_array( $illegal_names ) ) { 2279 $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); 2280 add_site_option( 'illegal_names', $illegal_names ); 2281 } 2282 /** This filter is documented in wp-includes/user.php */ 2283 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); 2284 2285 if ( true === in_array( $user_login, $illegal_names ) ) { 2286 $errors->add( 'user_name', __( 'That username is not allowed.' ) ); 2287 } 2288 2289 // User login must have at least one letter 2290 if ( preg_match( '/^[0-9]*$/', $user_login ) ) { 2291 $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!' ) ); 2292 } 2293 2294 // Check if the username has been used already. 2295 if ( username_exists( $user_login ) ) { 2296 $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) ); 2297 } 2298 2299 /** 2300 * Filter a user's login after it has been validated for creation. 2301 * 2302 * @since TBD 2303 * 2304 * @param string $user_login The user's login. 2305 * @param string $original_user_login The original user login. 2306 * @param WP_Error $errors User's feedback error messages. 2307 * } 2308 */ 2309 return apply_filters_ref_array( 'wp_validate_user_login', array( $user_login, $original_user_login, &$errors ) ); 2310 } 2311 2312 /** 2228 2313 * Handles registering a new user. 2229 2314 * 2230 2315 * @since 2.5.0 … … 2236 2321 function register_new_user( $user_login, $user_email ) { 2237 2322 $errors = new WP_Error(); 2238 2323 2239 $sanitized_user_login = sanitize_user( $user_login );2240 2324 /** 2241 2325 * Filter the email address of a user being registered. 
2242 2326 * … … 2246 2330 */ 2247 2331 $user_email = apply_filters( 'user_registration_email', $user_email ); 2248 2332 2249 // Check the username 2250 if ( $sanitized_user_login == '' ) { 2251 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) ); 2252 } elseif ( ! validate_username( $user_login ) ) { 2253 $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); 2254 $sanitized_user_login = ''; 2255 } elseif ( username_exists( $sanitized_user_login ) ) { 2256 $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) ); 2333 // Validate the username 2334 $sanitized_user_login = wp_validate_user_login( $user_login, $errors ); 2257 2335 2258 } else {2259 /** This filter is documented in wp-includes/user.php */2260 $illegal_user_logins = array_map( 'strtolower', (array) apply_filters( 'illegal_user_logins', array() ) );2261 if ( in_array( strtolower( $sanitized_user_login ), $illegal_user_logins ) ) {2262 $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );2263 }2264 }2265 2266 2336 // Check the email address 2267 2337 if ( $user_email == '' ) { 2268 2338 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your email address.' ) ); -
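Review bot: `$illegal_logins` is built from the `illegal_user_logins` filter inside `wp_validate_user_login()` but is never compared against, so logins reserved through that filter are no longer rejected by `register_new_user()` or `wpmu_validate_user_signup()`, both of which lose their own checks in this patch. The remaining `in_array( $user_login, $illegal_names )` is case-sensitive and non-strict, so `Admin` would not match `admin`. One combined check covers both lists: `$blocked = array_map( 'strtolower', array_merge( $illegal_names, $illegal_logins ) );` followed by `if ( in_array( strtolower( $user_login ), $blocked, true ) ) {`. The docblock should match the code as well: the function returns the filtered login string rather than an array, `$errors` has no `@param`, and the listed "not pending signup already" rule is not implemented here.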
src/wp-signup.php
639 639 $errors = $filtered_results['errors']; 640 640 641 641 if ( empty($blogname) ) 642 $blogname = $user_name;642 $blogname = preg_replace( '|[ _.\-@]|i', '', $user_name ); 643 643 ?> 644 644 <form id="setupform" method="post" action="wp-signup.php"> 645 645 <input type="hidden" name="stage" value="validate-blog-signup" /> -
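Review bot: The default `$blogname` is derived by removing a denylist of five characters, so anything else the login may contain, capital letters included, passes straight into the site-name default; the `i` modifier has no effect on a class that holds no letters. An allowlist does not depend on what the login validator happens to permit and presumably matches the site-name rules more closely: `$blogname = preg_replace( '/[^a-z0-9]/', '', strtolower( $user_name ) );`. The form that prints `$blogname` lies outside the hunk, so its output escaping cannot be confirmed from here.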
tests/phpunit/tests/multisite/wpmuValidateUserSignup.php
9 9 /** 10 10 * @dataProvider data_user_name 11 11 */ 12 public function test_user_name( $user_ name, $error_message ) {13 $v = wpmu_validate_user_signup( $user_ name, 'foo@example.com' );12 public function test_user_name( $user_login, $error_message ) { 13 $v = wpmu_validate_user_signup( $user_login, 'foo@example.com' ); 14 14 $this->assertContains( 'user_name', $v['errors']->get_error_codes(), $error_message ); 15 15 } 16 16 … … 18 18 return array( 19 19 array( 'contains spaces', 'User names with spaces are not allowed.' ), 20 20 array( 'ContainsCaps', 'User names with capital letters are not allowed.' ), 21 array( 'contains_underscores', 'User names with underscores are not allowed.' ),22 21 array( 'contains%^*()junk', 'User names with non-alphanumeric characters are not allowed.' ), 23 22 array( '', 'Empty user names are not allowed.' ), 24 23 array( 'foo', 'User names of 3 characters are not allowed.' ),