Make WordPress Core


Ignore:
Timestamp:
03/18/2022 08:42:43 PM (2 years ago)
Author:
davidbaumwald
Message:

Users: Check maximum length of user_nicename after filters are applied.

Similar to other checks on user_login and user_url, this change moves the maximum length check on user_nicename after the pre_user_nicename filter has been applied, to account for any changes to the value prior to saving.

Props SergeyBiryukov, ravipatel, muhammadfaizanhaidar, mukesh27, csesumonpro, azouamauriac.
Fixes #54987.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user.php

    r52650 r52954  
    19781978    if ( ! empty( $userdata['user_nicename'] ) ) {
    19791979        $user_nicename = sanitize_user( $userdata['user_nicename'], true );
    1980         if ( mb_strlen( $user_nicename ) > 50 ) {
    1981             return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) );
    1982         }
    19831980    } else {
    19841981        $user_nicename = mb_substr( $user_login, 0, 50 );
     
    19951992     */
    19961993    $user_nicename = apply_filters( 'pre_user_nicename', $user_nicename );
     1994
     1995    if ( mb_strlen( $user_nicename ) > 50 ) {
     1996        return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) );
     1997    }
    19971998
    19981999    $user_nicename_check = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1", $user_nicename, $user_login ) );
Note: See TracChangeset for help on using the changeset viewer.