Ticket #17904: 17904.3.patch
File 17904.3.patch, 11.5 KB (added by , 10 years ago) |
---|
-
src/wp-admin/includes/user.php
diff --git src/wp-admin/includes/user.php src/wp-admin/includes/user.php index bcf1362..e799a23 100644
function add_user() { 20 20 /** 21 21 * Edit user settings based on contents of $_POST 22 22 * 23 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.23 * Used on user-edit.php, user-new.php, and profile.php to manage and process user options, passwords etc. 24 24 * 25 25 * @since 2.0.0 26 26 * … … function edit_user( $user_id = 0 ) { 39 39 $update = false; 40 40 } 41 41 42 if ( !$update && isset( $_POST['user_login'] ) )43 $user->user_login = sanitize_user($_POST['user_login'], true);44 45 42 $pass1 = $pass2 = ''; 46 43 if ( isset( $_POST['pass1'] ) ) 47 44 $pass1 = $_POST['pass1']; … … function edit_user( $user_id = 0 ) { 104 101 105 102 $errors = new WP_Error(); 106 103 107 /* checking that username has been typed */ 108 if ( $user->user_login == '' ) 109 $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) ); 104 /* Validate the user_login when not updating the user */ 105 if ( ! $update ) { 106 $user_login = ''; 107 108 if ( isset( $_POST['user_login'] ) ) { 109 $user_login = $_POST['user_login']; 110 } 111 112 $user->user_login = wp_validate_user_login( $user_login, $errors ); 113 } 110 114 111 115 /* checking the password has been typed twice */ 112 116 /** … … function edit_user( $user_id = 0 ) { 143 147 if ( !empty( $pass1 ) ) 144 148 $user->user_pass = $pass1; 145 149 146 if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )147 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));148 149 if ( !$update && username_exists( $user->user_login ) )150 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' 
));151 152 150 /* checking e-mail address */ 153 151 if ( empty( $user->user_email ) ) { 154 152 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an e-mail address.' ), array( 'form-field' => 'email' ) ); -
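Review bot: Username errors raised for `edit_user()` now arrive under the code `user_name`, because `wp_validate_user_login()` adds every failure with that code, while the removed lines used `user_login`. Anything that looks up `user_login` on the returned `WP_Error` (presumably form-field highlighting or plugin code, not visible here) will no longer find them, so either document the new code or let the helper take the error code as a parameter. The raw `$_POST['user_login']` is also handed to the helper without a type check; guarding with `if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {` keeps an array-valued parameter away from `strlen()` and `sanitize_user()`. `edit_user()` starts and ends outside these hunks.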
src/wp-includes/ms-functions.php
diff --git src/wp-includes/ms-functions.php src/wp-includes/ms-functions.php index f2df7e3..66288d0 100644
function is_email_address_unsafe( $user_email ) { 450 450 * 451 451 * @since MU 452 452 * 453 * @param string $user_ nameThe login name provided by the user.453 * @param string $user_login The login name provided by the user. 454 454 * @param string $user_email The email provided by the user. 455 455 * @return array Contains username, email, and error messages. 456 456 */ 457 function wpmu_validate_user_signup( $user_name, $user_email) {457 function wpmu_validate_user_signup( $user_login, $user_email ) { 458 458 global $wpdb; 459 459 460 460 $errors = new WP_Error(); 461 $orig_userlogin = $user_login; 461 462 462 $orig_username = $user_name; 463 $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); 464 465 if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) { 466 $errors->add( 'user_name', __( 'Only lowercase letters (a-z) and numbers are allowed.' ) ); 467 $user_name = $orig_username; 468 } 463 $user_login = wp_validate_user_login( $user_login, $errors ); 469 464 470 465 $user_email = sanitize_email( $user_email ); 471 466 472 if ( empty( $user_name ) ) 473 $errors->add('user_name', __( 'Please enter a username.' ) ); 474 475 $illegal_names = get_site_option( 'illegal_names' ); 476 if ( is_array( $illegal_names ) == false ) { 477 $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); 478 add_site_option( 'illegal_names', $illegal_names ); 479 } 480 if ( in_array( $user_name, $illegal_names ) == true ) 481 $errors->add('user_name', __( 'That username is not allowed.' ) ); 482 483 if ( is_email_address_unsafe( $user_email ) ) 467 if ( is_email_address_unsafe( $user_email ) ) { 484 468 $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.')); 469 } 485 470 486 if ( strlen( $user_name ) < 4 ) 487 $errors->add('user_name', __( 'Username must be at least 4 characters.' 
) ); 488 489 if ( strpos( ' ' . $user_name, '_' ) != false ) 490 $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character “_”!' ) ); 491 492 // all numeric? 493 if ( preg_match( '/^[0-9]*$/', $user_name ) ) 494 $errors->add('user_name', __('Sorry, usernames must have letters too!')); 495 496 if ( !is_email( $user_email ) ) 471 if ( ! is_email( $user_email ) ) { 497 472 $errors->add('user_email', __( 'Please enter a valid email address.' ) ); 473 } 498 474 499 475 $limited_email_domains = get_site_option( 'limited_email_domains' ); 500 476 if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) { … … function wpmu_validate_user_signup($user_name, $user_email) { 503 479 $errors->add('user_email', __('Sorry, that email address is not allowed!')); 504 480 } 505 481 506 // Check if the username has been used already.507 if ( username_exists($user_name) )508 $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) );509 510 482 // Check if the email address has been used already. 511 if ( email_exists( $user_email) )483 if ( email_exists( $user_email ) ) { 512 484 $errors->add( 'user_email', __( 'Sorry, that email address is already used!' ) ); 485 } 513 486 514 487 // Has someone already signed up for this username? 515 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_ name) );488 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_login ) ); 516 489 if ( $signup != null ) { 517 490 $registered_at = mysql2date('U', $signup->registered); 518 491 $now = current_time( 'timestamp', true ); 519 492 $diff = $now - $registered_at; 520 493 // If registered more than two days ago, cancel registration and let this signup go through. 
521 if ( $diff > 2 * DAY_IN_SECONDS ) 522 $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_ name) );523 else494 if ( $diff > 2 * DAY_IN_SECONDS ) { 495 $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_login ) ); 496 } else { 524 497 $errors->add('user_name', __('That username is currently reserved but may be available in a couple of days.')); 498 } 525 499 } 526 500 527 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email ) );501 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email ) ); 528 502 if ( $signup != null ) { 529 503 $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered); 530 504 // If registered more than two days ago, cancel registration and let this signup go through. 531 if ( $diff > 2 * DAY_IN_SECONDS ) 505 if ( $diff > 2 * DAY_IN_SECONDS ) { 532 506 $wpdb->delete( $wpdb->signups, array( 'user_email' => $user_email ) ); 533 else507 } else { 534 508 $errors->add('user_email', __('That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing.')); 509 } 535 510 } 536 511 537 $result = array( 'user_name' => $user_name, 'orig_username' => $orig_username, 'user_email' => $user_email, 'errors' => $errors);512 $result = array( 'user_name' => $user_login, 'orig_username' => $orig_userlogin, 'user_email' => $user_email, 'errors' => $errors ); 538 513 539 514 /** 540 515 * Filter the validated user registration details. -
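Review bot: Replacing the multisite checks with `$user_login = wp_validate_user_login( $user_login, $errors );` widens what a network signup accepts: the removed lines rejected anything outside lowercase `a-z0-9` and any `_`, whereas the helper allows upper case and `_ . - @`. If multisite still depends on the stricter form (this hunk does not show how the login is used later), keep that rule here after the helper call, e.g. `if ( preg_match( '/[^a-z0-9]/', $user_login ) ) { $errors->add( 'user_name', __( 'Only lowercase letters (a-z) and numbers are allowed.' ) ); }`. The `'user_name'` entry in `$result` also now carries the sanitised value even when validation failed, where the old code restored the original input. The function body continues past the end of this hunk.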
src/wp-includes/user.php
diff --git src/wp-includes/user.php src/wp-includes/user.php index 5f98b1e..4324740 100644
function validate_username( $username ) { 1667 1667 } 1668 1668 1669 1669 /** 1670 * Validate a provided user_login 1671 * 1672 * user_login requirements: 1673 * - minimum of 4 characters 1674 * - only contains (case-insensitive) characters: a-z 0-9 _ . - @ 1675 * - no whitespace 1676 * - not on blacklist of illegal names 1677 * - contains at least one letter 1678 * - must be unique 1679 * - not pending signup already 1680 * 1681 * @since TBD 1682 * 1683 * @param string $user_login The user_login value to be be validated. 1684 * 1685 * @return array Contains user_login, original_user_login, and any generated errors 1686 */ 1687 function wp_validate_user_login( $user_login = '', $errors = null ) { 1688 $original_user_login = $user_login; 1689 1690 if ( ! is_wp_error( $errors ) ) { 1691 $errors = new WP_Error(); 1692 } 1693 1694 // User login cannot be empty 1695 if ( empty( $user_login ) ) { 1696 $errors->add( 'user_name', __( 'Please enter a username.' ) ); 1697 } 1698 1699 // User login must be at least 4 characters 1700 if ( strlen( $user_login ) < 4 ) { 1701 $errors->add( 'user_name', __( 'Username must be at least 4 characters.' ) ); 1702 } 1703 1704 // Strip any whitespace and then match against case insensitive characters a-z 0-9 _ . - @ 1705 $user_login = preg_replace( '/\s+/', '', sanitize_user( $user_login, true ) ); 1706 1707 // If the previous operation generated a different value, the username is invalid 1708 if ( $user_login !== $original_user_login ) { 1709 $errors->add( 'user_name', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' 
) ); 1710 } 1711 1712 // Check the user_login against an array of illegal names 1713 $illegal_names = get_site_option( 'illegal_names' ); 1714 if ( false == is_array( $illegal_names ) ) { 1715 $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); 1716 add_site_option( 'illegal_names', $illegal_names ); 1717 } 1718 1719 if ( true === in_array( $user_login, $illegal_names ) ) { 1720 $errors->add( 'user_name', __( 'That username is not allowed.' ) ); 1721 } 1722 1723 // User login must have at least one letter 1724 if ( preg_match( '/^[0-9]*$/', $user_login ) ) { 1725 $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!' ) ); 1726 } 1727 1728 // Check if the username has been used already. 1729 if ( username_exists( $user_login ) ) { 1730 $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) ); 1731 } 1732 1733 /** 1734 * Filter a user's login after it has been validated for creation. 1735 * 1736 * @since TBD 1737 * 1738 * @param string $user_login The user's login. 1739 * @param string $original_user_login The original user login. 1740 * @param WP_Error $errors User's feedback error messages. 1741 * } 1742 */ 1743 return apply_filters_ref_array( 'wp_validate_user_login', array( $user_login, $original_user_login, &$errors ) ); 1744 } 1745 1746 /** 1670 1747 * Insert an user into the database. 1671 1748 * 1672 1749 * Most of the $userdata array fields have filters associated with the values. … … function reset_password( $user, $new_pass ) { 2216 2293 function register_new_user( $user_login, $user_email ) { 2217 2294 $errors = new WP_Error(); 2218 2295 2219 $sanitized_user_login = sanitize_user( $user_login );2220 2296 /** 2221 2297 * Filter the email address of a user being registered. 
2222 2298 * … … function register_new_user( $user_login, $user_email ) { 2226 2302 */ 2227 2303 $user_email = apply_filters( 'user_registration_email', $user_email ); 2228 2304 2229 // Check the username 2230 if ( $sanitized_user_login == '' ) { 2231 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) ); 2232 } elseif ( ! validate_username( $user_login ) ) { 2233 $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); 2234 $sanitized_user_login = ''; 2235 } elseif ( username_exists( $sanitized_user_login ) ) { 2236 $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) ); 2237 } 2305 // Validate the username 2306 $sanitized_user_login = wp_validate_user_login( $user_login, $errors ); 2238 2307 2239 2308 // Check the e-mail address 2240 2309 if ( $user_email == '' ) {
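Review bot: The reserved-name check in `wp_validate_user_login()` is case-sensitive while the character rule it now sits behind is case-insensitive, so a login such as `Admin` is not matched against the `illegal_names` list. The multisite code this replaces rejected anything outside lowercase `a-z0-9` before the list was consulted, which is what made an exact-match `in_array()` sufficient there. Compare a normalised value instead, e.g. `if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_names ), true ) ) {`. The docblock also needs correcting: the function returns the filtered login string rather than an array, `$errors` has no `@param`, and the listed "not pending signup already" check is not performed in this function.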