Make WordPress Core

Ticket #33056: wp-includes_user_php.diff

File wp-includes_user_php.diff, 1.1 KB (added by aszone, 9 years ago)

Correction to hide the user login, allowing you to show the field "display_name" chosen by the user

  • wp-includes/user.php

     
    18971897                return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
    18981898        }
    18991899
    1900         // If a nicename is provided, remove unsafe user characters before
    1901         // using it. Otherwise build a nicename from the user_login.
    1902         if ( ! empty( $userdata['user_nicename'] ) ) {
    1903                 $user_nicename = sanitize_user( $userdata['user_nicename'], true );
     1900        // To improve security it was necessary to hide the reference to a user login, which was presented in the url and the tag body with class css.
     1901        // A correction allows the nicename be referenced in accordance with the chosen field "diplay_name"
     1902        if (empty( $userdata['display_name'] ) ) {
     1903               $user_nicename = sanitize_user( $userdata['user_login'], true );
    19041904        } else {
    1905                 $user_nicename = $user_login;
     1905                $user_nicename = sanitize_user($userdata['display_name'], true );
    19061906        }
    1907 
     1907         
    19081908        $user_nicename = sanitize_title( $user_nicename );
    19091909
    19101910        // Store values to save in user meta.