Make WordPress Core

Ticket #54987: 54987.diff

File 54987.diff, 2.4 KB (added by csesumonpro, 2 years ago)

Patch created

  • src/wp-includes/user.php

    diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
    index 3604d94389..085e6369d8 100644
    a b function wp_insert_user( $userdata ) { 
    19711971                return new WP_Error( 'invalid_username', __( 'Sorry, that username is not allowed.' ) );
    19721972        }
    19731973
    1974         /*
    1975          * If a nicename is provided, remove unsafe user characters before using it.
    1976          * Otherwise build a nicename from the user_login.
    1977          */
    1978         if ( ! empty( $userdata['user_nicename'] ) ) {
    1979                 $user_nicename = sanitize_user( $userdata['user_nicename'], true );
    1980                 if ( mb_strlen( $user_nicename ) > 50 ) {
    1981                         return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) );
    1982                 }
     1974        if (! empty( $userdata['user_nicename'] )) {
     1975                // If a nicename is provided, remove unsafe user characters before using it.
     1976                $sanitized_user_nicename = sanitize_user( $userdata['user_nicename'], true );
    19831977        } else {
    1984                 $user_nicename = mb_substr( $user_login, 0, 50 );
     1978                // Otherwise build a nicename from the user_login.
     1979                $sanitized_user_nicename = mb_substr( $user_login, 0, 50 );
    19851980        }
    19861981
    1987         $user_nicename = sanitize_title( $user_nicename );
    1988 
    19891982        /**
    19901983         * Filters a user's nicename before the user is created or updated.
    19911984         *
    function wp_insert_user( $userdata ) { 
    19931986         *
    19941987         * @param string $user_nicename The user's nicename.
    19951988         */
    1996         $user_nicename = apply_filters( 'pre_user_nicename', $user_nicename );
     1989        $user_nicename = apply_filters( 'pre_user_nicename', $sanitized_user_nicename );
     1990
     1991        if ( mb_strlen( $user_nicename ) > 50 ) {
     1992                return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) );
     1993        }
     1994
     1995        $user_nicename = sanitize_title( $user_nicename );
    19971996
    19981997        $user_nicename_check = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1", $user_nicename, $user_login ) );
    19991998
    function wp_insert_user( $userdata ) { 
    20432042         */
    20442043        $user_url = apply_filters( 'pre_user_url', $raw_user_url );
    20452044
     2045        if ( mb_strlen( $user_url ) > 100 ) {
     2046                return new WP_Error( 'user_url_too_long', __( 'URL may not be longer than 100 characters.' ) );
     2047        }
     2048
    20462049        $user_registered = empty( $userdata['user_registered'] ) ? gmdate( 'Y-m-d H:i:s' ) : $userdata['user_registered'];
    20472050
    20482051        $user_activation_key = empty( $userdata['user_activation_key'] ) ? '' : $userdata['user_activation_key'];