
Changeset 35189


Timestamp:
10/15/2015 05:42:05 AM (9 years ago)
Author:
SergeyBiryukov
Message:

Users: Add 'illegal_user_logins' filter to allow certain usernames to be blacklisted.

Props danielbachhuber, chriscct7, crazycoolcam, SergeyBiryukov.
Fixes #27317.

Location:
trunk
Files:
4 edited

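--- a/trunk/src/wp-admin/includes/user.php
+++ b/trunk/src/wp-admin/includes/user.php
@@ -142,4 +142,10 @@
     if ( !$update && username_exists( $user->user_login ) )
         $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
+
+    /** This filter is documented in wp-includes/user-functions.php */
+    $usernames = apply_filters( 'illegal_user_logins', array() );
+    if ( in_array( $user->user_login, $usernames ) ) {
+        $errors->add( 'illegal_user_login', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
+    }
 
     /* checking email address */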
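Review bot: The `in_array( $user->user_login, $usernames )` test at new line 147 is an exact, case-sensitive match, so a list entry of `admin` would not stop a registration as `Admin`; whether those two logins then collide depends on how logins are compared elsewhere (for example the database collation), which is not visible here. The filter result is also handed to `in_array()` unchecked, so a callback that returns something other than an array makes the call fail instead of matching. Normalising both sides covers both cases: `$usernames = array_map( 'strtolower', (array) apply_filters( 'illegal_user_logins', array() ) );` followed by `if ( in_array( strtolower( $user->user_login ), $usernames, true ) ) {`. The same comparison is used in the ms-functions.php and user-functions.php sections of this changeset. The enclosing function starts and ends outside the hunk.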
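--- a/trunk/src/wp-includes/ms-functions.php
+++ b/trunk/src/wp-includes/ms-functions.php
@@ -428,6 +428,12 @@
         add_site_option( 'illegal_names', $illegal_names );
     }
-    if ( in_array( $user_name, $illegal_names ) )
-        $errors->add('user_name',  __( 'That username is not allowed.' ) );
+    if ( in_array( $user_name, $illegal_names ) ) {
+        $errors->add( 'user_name',  __( 'Sorry, that username is not allowed.' ) );
+    }
+
+    /** This filter is documented in wp-includes/user-functions.php */
+    if ( in_array( $user_name, apply_filters( 'illegal_user_logins', array() ) ) ) {
+        $errors->add( 'user_name',  __( 'Sorry, that username is not allowed.' ) );
+    }
 
     if ( is_email_address_unsafe( $user_email ) )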
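Review bot: The two consecutive checks at new lines 430–437 add the same `user_name` error with the same message, so a name that is on both the `illegal_names` option and the filtered list gets the error added twice. A single test against the combined list avoids that, e.g. `if ( in_array( $user_name, array_merge( $illegal_names, (array) apply_filters( 'illegal_user_logins', array() ) ) ) ) {`. Note also that this path reports the rejection under the code `user_name`, while the other two files in this changeset use `illegal_user_login`, so callers cannot key on one code for a filter rejection. The enclosing function starts and ends outside the hunk.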
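--- a/trunk/src/wp-includes/user-functions.php
+++ b/trunk/src/wp-includes/user-functions.php
@@ -1316,4 +1316,15 @@
     }
 
+    /**
+     * Filter the list of blacklisted usernames.
+     *
+     * @since 4.4.0
+     *
+     * @param array $usernames Array of blacklisted usernames.
+     */
+    if ( in_array( $user_login, apply_filters( 'illegal_user_logins', array() ) ) ) {
+        return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) );
+    }   
+
     /*
      * If a nicename is provided, remove unsafe user characters before using it.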
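Review bot: The filter docblock at new lines 1318–1324 does not say how list entries are matched or when the check runs, which a plugin author needs to know to build a list that actually blocks what they intend. As written the comparison is an exact string match against `$user_login`, and the `if` at line 1325 carries no `$update` condition, so it presumably also applies when an existing user is saved through this function; the surrounding body is outside the hunk, so that should be confirmed. Once confirmed, I would extend the description with a sentence such as `Entries are compared to the login as exact, case-sensitive strings; the check is not limited to new registrations.` Line 1327 also has trailing whitespace after the closing brace.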
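--- a/trunk/tests/phpunit/tests/user.php
+++ b/trunk/tests/phpunit/tests/user.php
@@ -601,4 +601,57 @@
             }
         }
+    }
+
+    /**
+     * @ticket 27317
+     */
+    function test_illegal_user_logins_single() {
+        $user_data = array(
+            'user_login' => 'testuser',
+            'user_email' => 'testuser@example.com',
+            'user_pass'  => wp_generate_password(),
+        );
+
+        add_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
+
+        $response = wp_insert_user( $user_data );
+        $this->assertInstanceOf( 'WP_Error', $response );
+        $this->assertEquals( 'illegal_user_login', $response->get_error_code() );
+
+        remove_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
+
+        $user_id = wp_insert_user( $user_data );
+        $user = get_user_by( 'id', $user_id );
+        $this->assertInstanceOf( 'WP_User', $user );
+    }
+
+    /**
+     * @ticket 27317
+     */
+    function test_illegal_user_logins_multisite() {
+        if ( ! is_multisite() ) {
+            return;
+        }
+
+        $user_data = array(
+            'user_login' => 'testuser',
+            'user_email' => 'testuser@example.com',
+        );
+
+        add_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
+
+        $response = wpmu_validate_user_signup( $user_data['user_login'], $user_data['user_email'] );
+        $this->assertInstanceOf( 'WP_Error', $response['errors'] );
+        $this->assertEquals( 'user_name', $response['errors']->get_error_code() );
+
+        remove_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
+
+        $response = wpmu_validate_user_signup( $user_data['user_login'], $user_data['user_email'] );
+        $this->assertInstanceOf( 'WP_Error', $response['errors'] );
+        $this->assertEquals( 0, count( $response['errors']->get_error_codes() ) );
+    }
+
+    function _illegal_user_logins() {
+        return array( 'testuser' );
     }
 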
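Review bot: `test_illegal_user_logins_multisite()` returns early at new lines 632–634 on a single-site run, so it is reported as passed without asserting anything; calling `$this->markTestSkipped()` there would make the missing coverage visible in the test report. Both tests exercise only the exact string `testuser`, so they do not pin down whether a differently cased login such as `TestUser` is meant to be rejected by the same list entry; one extra assertion with a case variant would document the intended behaviour. In both tests `remove_filter()` runs only after the first assertions, so a failing assertion would leave the filter attached unless the test base class resets hooks, which is not visible here. The `edit_user()` path changed in wp-admin/includes/user.php has no test in this changeset.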