Make WordPress Core


Timestamp:
09/15/2015 10:13:51 PM (9 years ago)
Author:
boonebgorges
Message:

Improve validation of user_login and user_nicename length.

The user_login field only allows 60 characters, and user_nicename allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in $wpdb, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the INSERTs and
UPDATEs simply fail, with no real feedback on the nature of the failure.

This changeset addresses the issue in a number of ways:

  • On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
  • In wp_insert_user(), throw an error if the value provided for 'user_login' or 'user_nicename' exceeds the maximum field length.
  • In wp_insert_user(), when using 'user_login' to generate a default value for 'user_nicename', ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).

Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes #33793.

File:
1 edited

  • trunk/src/wp-admin/user-new.php

    r34059 r34218  
    376376    <tr class="form-field form-required">
    377377        <th scope="row"><label for="user_login"><?php _e('Username'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
    378         <td><input name="user_login" type="text" id="user_login" value="<?php echo esc_attr( $new_user_login ); ?>" aria-required="true" autocapitalize="none" autocorrect="off" /></td>
     378        <td><input name="user_login" type="text" id="user_login" value="<?php echo esc_attr( $new_user_login ); ?>" aria-required="true" autocapitalize="none" autocorrect="off" maxlength="60" /></td>
    379379    </tr>
    380380    <tr class="form-field form-required">
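Review bot: The maxlength="60" added on new line 378 is enforced only by the browser, so a request posted directly to this form handler can still carry a longer user_login; the limit has to be checked again on the server. The commit message says wp_insert_user() now returns an error for over-length values, but that code is not among the lines shown here, so it is worth confirming that this panel surfaces that error to the admin rather than failing silently. The literal 60 also duplicates the column width in the markup; taking it from one shared definition would keep the form and the server-side check from drifting apart.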