
Changeset 3481


Timestamp:
01/25/2006 03:09:16 AM (18 years ago)
Author:
ryan
Message:

Username sanitization cleanups.

Location:
trunk
Files:
4 edited

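--- a/trunk/wp-admin/admin-functions.php
+++ b/trunk/wp-admin/admin-functions.php
@@ -330,5 +330,5 @@
 
 function edit_user($user_id = 0) {
-    global $current_user, $wp_roles;
+    global $current_user, $wp_roles, $wpdb;
 
     if ($user_id != 0) {
@@ -336,5 +336,5 @@
         $user->ID = $user_id;
         $userdata = get_userdata($user_id);
-        $user->user_login = $userdata->user_login;
+        $user->user_login = $wpdb->escape($userdata->user_login);
     } else {
         $update = false;
@@ -406,4 +406,7 @@
     if (!empty ($pass1))
         $user->user_pass = $pass1;
+
+    if ( !validate_username($user->user_login) )
+        $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
 
     if (!$update && username_exists($user->user_login))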
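Review bot: The `validate_username()` check added at new line 409 is not gated on `$update`, so it also runs when an existing account is edited, where `$user->user_login` is the stored login after `$wpdb->escape()` (new line 338). A login that predates strict sanitization, or one that gains a backslash from escaping, would no longer equal its strictly sanitized form, so that account could presumably not save any profile change; the lines between the hunks are not shown, so this is inferred. Consider gating it like the neighbouring `username_exists()` test, `if ( !$update && !validate_username($user->user_login) )`, and escaping at the point where the query is built rather than on the object field. `edit_user()` starts in the first hunk and continues past the last one.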
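--- a/trunk/wp-includes/functions-formatting.php
+++ b/trunk/wp-includes/functions-formatting.php
@@ -266,5 +266,5 @@
 }
 
-function sanitize_user( $username ) {
+function sanitize_user( $username, $strict = false ) {
     $raw_username = $username;
     $username = strip_tags($username);
@@ -272,5 +272,10 @@
     $username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
     $username = preg_replace('/&.+?;/', '', $username); // Kill entities
-    return apply_filters('sanitize_user', $username, $raw_username);
+
+    // If strict, reduce to ASCII for max portability.
+    if ( $strict )
+        $username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);
+
+    return apply_filters('sanitize_user', $username, $raw_username, $strict);
 }
 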
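Review bot: In the strict pattern at new line 277, `.-@` sits in the middle of the character class and is therefore parsed as a range from `.` to `@`, not as three literal characters. That range admits `/`, `:`, `;`, `<`, `=`, `>` and `?` into a "strict" username, and it leaves the literal hyphen outside the allowed set, so `-` is stripped. Escape the hyphen or move it to the end of the class: `$username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);`. The comment above the pattern could also list the allowed characters explicitly, `// If strict, allow only ASCII letters, digits, space, underscore, dot, hyphen and @.`, so the intent can be checked against the regex.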
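--- a/trunk/wp-includes/registration-functions.php
+++ b/trunk/wp-includes/registration-functions.php
@@ -9,4 +9,14 @@
 
     return null;
+}
+
+function validate_username( $username ) {
+    $name = sanitize_user($username, true);
+    $valid = true;
+
+    if ( $name != $username )
+        $valid = false;
+
+    return apply_filters('validate_username', $valid, $username);   
 }
 
@@ -25,4 +35,6 @@
     }
    
+    $user_login = sanitize_user($user_login, true);
+
     if ( empty($user_nicename) )
         $user_nicename = sanitize_title( $user_login );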
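Review bot: `validate_username()` (new lines 13–20) appears to accept an empty string, since as far as the visible lines of `sanitize_user()` show an empty input comes back unchanged, and the loose `!=` compares numeric-looking strings as numbers rather than byte-for-byte. A strict comparison that also rejects the empty case closes both gaps: `if ( $name !== $username || '' === $name )`. Separately, the strict sanitize added to the insert path at new line 37 rewrites the login silently, so two different submitted names could collapse to the same stored login if a caller skipped validation; that function's body starts and ends outside the hunk, so this is inferred.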
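--- a/trunk/wp-register.php
+++ b/trunk/wp-register.php
@@ -28,5 +28,8 @@
     }
 
-  if ( username_exists( $user_login ) )
+    if ( ! validate_username($user_login) )
+        $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
+
+    if ( username_exists( $user_login ) )
         $errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
 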