
Ticket #29696: 29696.2.patch

File 29696.2.patch, 1.7 KB (added by boonebgorges, 6 years ago)
  • src/wp-includes/user.php

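--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -1676,12 +1676,17 @@ function wp_insert_user( $userdata ) {
         if ( ! $update && username_exists( $user_login ) ) {
                 return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
         }
-        if ( empty( $userdata['user_nicename'] ) ) {
-                $user_nicename = sanitize_title( $user_login );
+
+        // If a nicename is provided, remove unsafe user characters before
+        // using it. Otherwise build a nicename from the user_login.
+        if ( ! empty( $userdata['user_nicename'] ) ) {
+                $user_nicename = sanitize_user( $userdata['user_nicename'], true );
         } else {
-                $user_nicename = $userdata['user_nicename'];
+                $user_nicename = $user_login;
         }
 
+        $user_nicename = sanitize_title( $user_nicename );
+
         // Store values to save in user meta.
         $meta = array();
 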
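Review bot: The `! empty( $userdata['user_nicename'] )` test runs before sanitization, so a supplied nicename made up only of characters that `sanitize_user( ..., true )` and `sanitize_title()` strip becomes an empty string, and nothing in this hunk falls back to `$user_login`. An empty nicename would leave the account without a usable slug, so I would re-check after the final `sanitize_title()` call: `if ( '' === $user_nicename ) { $user_nicename = sanitize_title( $user_login ); }`. The body of `wp_insert_user()` continues outside the hunk, so a later length or uniqueness check may already cover this; that should be confirmed before merging.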
  • tests/phpunit/tests/user.php

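--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
@@ -654,4 +654,19 @@ class Tests_User extends WP_UnitTestCase {
                 $metas = array_keys( get_user_meta( 1 ) );
                 $this->assertNotContains( 'key', $metas );
         }
+
+        /**
+         * @ticket 29696
+         */
+        public function test_wp_insert_user_should_sanitize_user_nicename_parameter() {
+                $user = $this->factory->user->create_and_get();
+
+                $userdata = $user->to_array();
+                $userdata['user_nicename'] = str_replace( '-', '.', $user->user_nicename );
+                wp_insert_user( $userdata );
+
+                $updated_user = new WP_User( $user->ID );
+
+                $this->assertSame( $user->user_nicename, $updated_user->user_nicename );
+        }
 }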
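Review bot: The new test can pass without exercising the sanitizer, because `str_replace( '-', '.', $user->user_nicename )` changes nothing when the factory-generated nicename has no hyphen, and the assertion then compares the value with itself. Setting an explicit unsafe input and asserting a literal result would pin the behaviour, for example `$userdata['user_nicename'] = 'foo.bar';` followed by `$this->assertSame( 'foo-bar', $updated_user->user_nicename );`, with the expected literal confirmed against what `sanitize_title()` actually returns. The return value of `wp_insert_user( $userdata )` is also discarded, so a `WP_Error` from the update would go unnoticed. Only the update path is covered; a second case that creates a user with an unsafe `user_nicename` would cover the insert path as well.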