Changeset 46804

Timestamp:

11/29/2019 10:02:30 PM (5 years ago)

Author:

SergeyBiryukov

Message:

REST API: Use strict in_array() checks for the list of usernames blacklisted via illegal_user_logins filter.

See #48839.

Location:

trunk/src

Files:

• wp-admin/includes/user.php (modified) (1 diff)
• wp-includes/ms-functions.php (modified) (1 diff)
• wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php (modified) (1 diff)
• wp-includes/user.php (modified) (2 diffs)

trunk/src/wp-admin/includes/user.php

@@ -194 +194 @@
     $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 
-    if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
+    if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ), true ) ) {
         $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
     }

trunk/src/wp-includes/ms-functions.php

@@ -489 +489 @@
     $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 
-    if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ) ) ) {
+    if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ), true ) ) {
         $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
     }

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

@@ -1138 +1138 @@
         $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 
-        if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ) ) ) {
+        if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ), true ) ) {
             return new WP_Error( 'rest_user_invalid_username', __( 'Sorry, that username is not allowed.' ), array( 'status' => 400 ) );
         }

trunk/src/wp-includes/user.php

@@ -1585 +1585 @@
     $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 
-    if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
+    if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ), true ) ) {
         return new WP_Error( 'invalid_username', __( 'Sorry, that username is not allowed.' ) );
     }
@@ -2504 +2504 @@
         /** This filter is documented in wp-includes/user.php */
         $illegal_user_logins = (array) apply_filters( 'illegal_user_logins', array() );
-        if ( in_array( strtolower( $sanitized_user_login ), array_map( 'strtolower', $illegal_user_logins ) ) ) {
+        if ( in_array( strtolower( $sanitized_user_login ), array_map( 'strtolower', $illegal_user_logins ), true ) ) {
             $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
         }