Make WordPress Core

Changeset 12468


Ignore:
Timestamp:
12/21/2009 03:25:00 PM (15 years ago)
Author:
westi
Message:

Add stricter checks to wp_insert_user() to ensure we don't create a user with an empty user_login but return a WP_Error instead. Fixes #11548.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/registration.php

    r12147 r12468  
    9999 *
    100100 * @param array $userdata An array of user data.
    101  * @return int The newly created user's ID.
     101 * @return int|WP_Error The newly created user's ID or a WP_Error object if the user could not be created.
    102102 */
    103103function wp_insert_user($userdata) {
     
    119119    $user_login = sanitize_user($user_login, true);
    120120    $user_login = apply_filters('pre_user_login', $user_login);
    121 
     121   
     122    //Remove any non-printable chars from the login string to see if we have ended up with an empty username
     123    $user_login = trim($user_login);
     124   
     125    if ( empty($user_login) ) {
     126        return new WP_Error('empty_user_login', __('Cannot create a user with an empty login name.') );
     127    }
     128   
    122129    if ( empty($user_nicename) )
    123130        $user_nicename = sanitize_title( $user_login );
Note: See TracChangeset for help on using the changeset viewer.