Ticket #27317: 27317.2.diff

src/wp-includes/user.php

@@ -2124 +2124 @@
                 $sanitized_user_login = '';
         } elseif ( username_exists( $sanitized_user_login ) ) {
                 $errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
+
+        } else {
+                /** This filter is documented in wp-includes/user.php */
+                $illegal_user_logins = array_map( 'strtolower', (array) apply_filters( 'illegal_user_logins', array() ) );
+                if ( in_array( strtolower( $sanitized_user_login ), $illegal_user_logins ) ) {
+                        $errors->add( 'illegal_user_login', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
+                }
         }
 
         // Check the email address

tests/phpunit/tests/user.php

@@ -633 +633 @@
 
         /**
          * @ticket 27317
+         * @dataProvider _illegal_user_logins_data
+         */
+        function test_illegal_user_logins_single_wp_create_user( $user_login ) {
+                $user_email = 'testuser-' . $user_login . '@example.com';
+
+                add_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
+
+                $response = register_new_user( $user_login, $user_email );
+                $this->assertInstanceOf( 'WP_Error', $response );
+                $this->assertEquals( 'illegal_user_login', $response->get_error_code() );
+
+                remove_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
+
+                $response = register_new_user( $user_login, $user_email );
+                $user = get_user_by( 'id', $response );
+                $this->assertInstanceOf( 'WP_User', $user );
+        }
+
+
+        /**
+         * @ticket 27317
          */
         function test_illegal_user_logins_multisite() {
                 if ( ! is_multisite() ) {