Ticket #17904: 17904.4.patch
| File 17904.4.patch, 13.5 KB (added by , 9 years ago) |
|---|
-
src/wp-admin/includes/user.php
diff --git src/wp-admin/includes/user.php src/wp-admin/includes/user.php index 8304314..d023239 100644
function add_user() { 20 20 /** 21 21 * Edit user settings based on contents of $_POST 22 22 * 23 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.23 * Used on user-edit.php, user-new.php, and profile.php to manage and process user options, passwords etc. 24 24 * 25 25 * @since 2.0.0 26 26 * … … function edit_user( $user_id = 0 ) { 39 39 $update = false; 40 40 } 41 41 42 if ( !$update && isset( $_POST['user_login'] ) )43 $user->user_login = sanitize_user($_POST['user_login'], true);44 45 42 $pass1 = $pass2 = ''; 46 43 if ( isset( $_POST['pass1'] ) ) 47 44 $pass1 = $_POST['pass1']; … … function edit_user( $user_id = 0 ) { 104 101 105 102 $errors = new WP_Error(); 106 103 107 /* checking that username has been typed */ 108 if ( $user->user_login == '' ) 109 $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) ); 104 /* Validate the user_login when not updating the user */ 105 if ( ! $update ) { 106 $user_login = ''; 107 108 if ( isset( $_POST['user_login'] ) ) { 109 $user_login = $_POST['user_login']; 110 } 111 112 $user->user_login = wp_validate_user_login( $user_login, $errors ); 113 } 110 114 111 115 /* checking the password has been typed twice */ 112 116 /** … … function edit_user( $user_id = 0 ) { 143 147 if ( !empty( $pass1 ) ) 144 148 $user->user_pass = $pass1; 145 149 146 if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )147 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));148 149 if ( !$update && username_exists( $user->user_login ) )150 $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));151 152 150 /* checking e-mail address */ 153 151 if ( empty( $user->user_email ) ) { 154 152 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an e-mail address.' ), array( 'form-field' => 'email' ) ); -
src/wp-includes/ms-functions.php
diff --git src/wp-includes/ms-functions.php src/wp-includes/ms-functions.php index 487d840..55580e1 100644
function is_email_address_unsafe( $user_email ) { 458 458 * 459 459 * @global wpdb $wpdb 460 460 * 461 * @param string $user_ nameThe login name provided by the user.461 * @param string $user_login The login name provided by the user. 462 462 * @param string $user_email The email provided by the user. 463 463 * @return array Contains username, email, and error messages. 464 464 */ 465 function wpmu_validate_user_signup( $user_name, $user_email) {465 function wpmu_validate_user_signup( $user_login, $user_email ) { 466 466 global $wpdb; 467 467 468 468 $errors = new WP_Error(); 469 $orig_userlogin = $user_login; 469 470 470 $orig_username = $user_name; 471 $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); 472 473 if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) { 474 $errors->add( 'user_name', __( 'Only lowercase letters (a-z) and numbers are allowed.' ) ); 475 $user_name = $orig_username; 476 } 471 $user_login = wp_validate_user_login( $user_login, $errors ); 477 472 478 473 $user_email = sanitize_email( $user_email ); 479 474 480 if ( empty( $user_name ) ) 481 $errors->add('user_name', __( 'Please enter a username.' ) ); 482 483 $illegal_names = get_site_option( 'illegal_names' ); 484 if ( ! is_array( $illegal_names ) ) { 485 $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); 486 add_site_option( 'illegal_names', $illegal_names ); 487 } 488 if ( in_array( $user_name, $illegal_names ) ) 489 $errors->add('user_name', __( 'That username is not allowed.' ) ); 490 491 if ( is_email_address_unsafe( $user_email ) ) 475 if ( is_email_address_unsafe( $user_email ) ) { 492 476 $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.')); 493 494 if ( strlen( $user_name ) < 4 )495 $errors->add('user_name', __( 'Username must be at least 4 characters.' ) );496 497 if ( strlen( $user_name ) > 60 ) {498 $errors->add( 'user_name', __( 'Username may not be longer than 60 characters.' ) );499 477 } 500 478 501 if ( strpos( $user_name, '_' ) !== false ) 502 $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character “_”!' ) ); 503 504 // all numeric? 505 if ( preg_match( '/^[0-9]*$/', $user_name ) ) 506 $errors->add('user_name', __('Sorry, usernames must have letters too!')); 507 508 if ( !is_email( $user_email ) ) 479 if ( ! is_email( $user_email ) ) { 509 480 $errors->add('user_email', __( 'Please enter a valid email address.' ) ); 481 } 510 482 511 483 $limited_email_domains = get_site_option( 'limited_email_domains' ); 512 484 if ( is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) { … … function wpmu_validate_user_signup($user_name, $user_email) { 516 488 } 517 489 } 518 490 519 // Check if the username has been used already.520 if ( username_exists($user_name) )521 $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) );522 523 491 // Check if the email address has been used already. 524 if ( email_exists( $user_email) )492 if ( email_exists( $user_email ) ) { 525 493 $errors->add( 'user_email', __( 'Sorry, that email address is already used!' ) ); 494 } 526 495 527 496 // Has someone already signed up for this username? 528 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_ name) );497 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_login ) ); 529 498 if ( $signup != null ) { 530 499 $registered_at = mysql2date('U', $signup->registered); 531 500 $now = current_time( 'timestamp', true ); 532 501 $diff = $now - $registered_at; 533 502 // If registered more than two days ago, cancel registration and let this signup go through. 534 if ( $diff > 2 * DAY_IN_SECONDS ) 535 $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_ name) );536 else503 if ( $diff > 2 * DAY_IN_SECONDS ) { 504 $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_login ) ); 505 } else { 537 506 $errors->add('user_name', __('That username is currently reserved but may be available in a couple of days.')); 507 } 538 508 } 539 509 540 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email ) );510 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email ) ); 541 511 if ( $signup != null ) { 542 512 $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered); 543 513 // If registered more than two days ago, cancel registration and let this signup go through. 544 if ( $diff > 2 * DAY_IN_SECONDS ) 514 if ( $diff > 2 * DAY_IN_SECONDS ) { 545 515 $wpdb->delete( $wpdb->signups, array( 'user_email' => $user_email ) ); 546 else516 } else { 547 517 $errors->add('user_email', __('That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing.')); 518 } 548 519 } 549 520 550 $result = array( 'user_name' => $user_name, 'orig_username' => $orig_username, 'user_email' => $user_email, 'errors' => $errors);521 $result = array( 'user_name' => $user_login, 'orig_username' => $orig_userlogin, 'user_email' => $user_email, 'errors' => $errors ); 551 522 552 523 /** 553 524 * Filter the validated user registration details. -
src/wp-includes/user.php
diff --git src/wp-includes/user.php src/wp-includes/user.php index 1c8a5b3..916e075 100644
function validate_username( $username ) { 1803 1803 } 1804 1804 1805 1805 /** 1806 * Validate a provided user_login 1807 * 1808 * user_login requirements: 1809 * - minimum of 4 characters 1810 * - maximum of 60 characters 1811 * - only contains (case-insensitive) characters: a-z 0-9 _ . - @ 1812 * - no whitespace 1813 * - not on blacklist of illegal names 1814 * - contains at least one letter 1815 * - must be unique 1816 * - not pending signup already 1817 * 1818 * @since TBD 1819 * 1820 * @param string $user_login The user_login value to be be validated. 1821 * 1822 * @return array Contains user_login, original_user_login, and any generated errors 1823 */ 1824 function wp_validate_user_login( $user_login = '', $errors = null ) { 1825 $original_user_login = $user_login; 1826 1827 if ( ! is_wp_error( $errors ) ) { 1828 $errors = new WP_Error(); 1829 } 1830 1831 // User login cannot be empty 1832 if ( empty( $user_login ) ) { 1833 $errors->add( 'user_name', __( 'Please enter a username.' ) ); 1834 } 1835 1836 // User login must be at least 4 characters 1837 if ( strlen( $user_login ) < 4 ) { 1838 $errors->add( 'user_name', __( 'Username must be at least 4 characters.' ) ); 1839 } 1840 1841 // User login must be less than 60 characters 1842 if ( strlen( $user_login ) > 60 ) { 1843 $errors->add( 'user_name', __( 'Username may not be longer than 60 characters.' ) ); 1844 } 1845 1846 // Strip any whitespace and then match against case insensitive characters a-z 0-9 _ . - @ 1847 $user_login = preg_replace( '/\s+/', '', sanitize_user( $user_login, true ) ); 1848 1849 // If the previous operation generated a different value, the username is invalid 1850 if ( $user_login !== $original_user_login ) { 1851 $errors->add( 'user_name', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); 1852 } 1853 1854 // Check the user_login against an array of illegal names 1855 $illegal_names = get_site_option( 'illegal_names' ); 1856 if ( false == is_array( $illegal_names ) ) { 1857 $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); 1858 add_site_option( 'illegal_names', $illegal_names ); 1859 } 1860 1861 if ( true === in_array( $user_login, $illegal_names ) ) { 1862 $errors->add( 'user_name', __( 'That username is not allowed.' ) ); 1863 } 1864 1865 // User login must have at least one letter 1866 if ( preg_match( '/^[0-9]*$/', $user_login ) ) { 1867 $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!' ) ); 1868 } 1869 1870 // Check if the username has been used already. 1871 if ( username_exists( $user_login ) ) { 1872 $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) ); 1873 } 1874 1875 /** 1876 * Filter a user's login after it has been validated for creation. 1877 * 1878 * @since TBD 1879 * 1880 * @param string $user_login The user's login. 1881 * @param string $original_user_login The original user login. 1882 * @param WP_Error $errors User's feedback error messages. 1883 * } 1884 */ 1885 return apply_filters_ref_array( 'wp_validate_user_login', array( $user_login, $original_user_login, &$errors ) ); 1886 } 1887 1888 /** 1806 1889 * Insert a user into the database. 1807 1890 * 1808 1891 * Most of the `$userdata` array fields have filters associated with the values. Exceptions are … … function reset_password( $user, $new_pass ) { 2542 2625 function register_new_user( $user_login, $user_email ) { 2543 2626 $errors = new WP_Error(); 2544 2627 2545 $sanitized_user_login = sanitize_user( $user_login );2546 2628 /** 2547 2629 * Filter the email address of a user being registered. 2548 2630 * … … function register_new_user( $user_login, $user_email ) { 2552 2634 */ 2553 2635 $user_email = apply_filters( 'user_registration_email', $user_email ); 2554 2636 2555 // Check the username 2556 if ( $sanitized_user_login == '' ) { 2557 $errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) ); 2558 } elseif ( ! validate_username( $user_login ) ) { 2559 $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); 2560 $sanitized_user_login = ''; 2561 } elseif ( username_exists( $sanitized_user_login ) ) { 2562 $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) ); 2563 } 2637 // Validate the username 2638 $sanitized_user_login = wp_validate_user_login( $user_login, $errors ); 2564 2639 2565 2640 // Check the e-mail address 2566 2641 if ( $user_email == '' ) { -
src/wp-signup.php
diff --git src/wp-signup.php src/wp-signup.php index 3373f8e..72d7393 100644
do_action( 'before_signup_form' ); 89 89 */ 90 90 function show_blog_form( $blogname = '', $blog_title = '', $errors = '' ) { 91 91 $current_site = get_current_site(); 92 92 93 // Blog name 94 $blogname = preg_replace( '|[_.\-@]|i', '', $blogname ); 95 93 96 if ( !is_subdomain_install() ) 94 97 echo '<label for="blogname">' . __('Site Name:') . '</label>'; 95 98 else -
tests/phpunit/tests/multisite/wpmuValidateUserSignup.php
diff --git tests/phpunit/tests/multisite/wpmuValidateUserSignup.php tests/phpunit/tests/multisite/wpmuValidateUserSignup.php index a368288..c69ec97 100644
class Tests_Multisite_WpmuValidateUserSignup extends WP_UnitTestCase { 9 9 /** 10 10 * @dataProvider data_user_name 11 11 */ 12 public function test_user_name( $user_ name, $error_message ) {13 $v = wpmu_validate_user_signup( $user_ name, 'foo@example.com' );12 public function test_user_name( $user_login, $error_message ) { 13 $v = wpmu_validate_user_signup( $user_login, 'foo@example.com' ); 14 14 $this->assertContains( 'user_name', $v['errors']->get_error_codes(), $error_message ); 15 15 } 16 16 … … class Tests_Multisite_WpmuValidateUserSignup extends WP_UnitTestCase { 18 18 return array( 19 19 array( 'contains spaces', 'User names with spaces are not allowed.' ), 20 20 array( 'ContainsCaps', 'User names with capital letters are not allowed.' ), 21 array( 'contains_underscores', 'User names with underscores are not allowed.' ),22 21 array( 'contains%^*()junk', 'User names with non-alphanumeric characters are not allowed.' ), 23 22 array( '', 'Empty user names are not allowed.' ), 24 23 array( 'foo', 'User names of 3 characters are not allowed.' ),