
Changeset 55358


Timestamp:
02/17/2023 08:08:19 AM (20 months ago)
Author:
adamsilverstein
Message:

Login and Registration: prevent registering with username that matches previous user email.

When registering a new user, check that no existing user has an email matching the username.

Prevents a login name collision when one user registers with the email address user@… and a second user tries to register with the username user@….

Props buutqn, dunhakdis, roytanck, ajayver.
Fixes #57394.

Location:
trunk
Files:
2 edited

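--- a/trunk/src/wp-includes/user.php
+++ b/trunk/src/wp-includes/user.php
@@ -2124,6 +2124,12 @@
     }
 
+    // Username must be unique.
     if ( ! $update && username_exists( $user_login ) ) {
         return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
+    }
+
+    // Username must not match an existing user email.
+    if ( email_exists( $user_login ) ) {
+        return new WP_Error( 'existing_user_login_as_email', __( 'Sorry, that username is not available.' ) );
     }
 
@@ -3341,5 +3347,6 @@
     } elseif ( username_exists( $sanitized_user_login ) ) {
         $errors->add( 'username_exists', __( '<strong>Error:</strong> This username is already registered. Please choose another one.' ) );
-
+    } elseif ( email_exists( $sanitized_user_login ) ) {
+        $errors->add( 'username_exists_as_email', __( '<strong>Error:</strong> This username is not available. Please choose another one.' ) );
     } else {
         /** This filter is documented in wp-includes/user.php */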
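Review bot: The new `email_exists( $user_login )` check in the first hunk is not guarded by `! $update`, unlike the username check directly above it, so it also runs when an existing account is being updated. An account whose login is its own email address would then match itself and receive `existing_user_login_as_email` on every update; that `$update` marks the update path is inferred from the check above, since the function starts and ends outside the hunk. Mirroring the existing guard, `if ( ! $update && email_exists( $user_login ) ) {`, keeps the collision check for new accounts without locking those users out. The check is also one-directional: nothing visible here rejects a new email address that equals an existing login, so the same login-name collision can still be created from the other side.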
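--- a/trunk/tests/phpunit/tests/user.php
+++ b/trunk/tests/phpunit/tests/user.php
@@ -936,4 +936,22 @@
 
     /**
+     * @ticket 57394
+     */
+    public function test_wp_insert_user_should_reject_username_that_matches_existing_user_email() {
+        $existing_email = get_option( 'admin_email' );
+        $username       = wp_insert_user(
+            array(
+                'user_login'    => $existing_email,
+                'user_email'    => 'whatever@example.com',
+                'user_pass'     => 'whatever',
+                'user_nicename' => 'whatever',
+            )
+        );
+
+        $this->assertWPError( $username );
+        $this->assertSame( 'existing_user_login_as_email', $username->get_error_code() );
+    }
+
+    /**
      * @ticket 33793
      */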
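Review bot: The added test covers only the creation path, so nothing pins what `wp_insert_user()` does when it runs as an update for an account whose login is already an email address. A companion test that creates such a user and then updates an unrelated field would catch a check that rejects the account's own email. The test also presumably relies on the test install containing a user whose email equals the `admin_email` option; creating the fixture user explicitly would make that dependency visible. The variable `$username` holds the call's result (a `WP_Error` here), so `$result` would read more accurately. The test class starts and ends outside the hunk.

```php
// Constructed fixture address; any login that is also the account's own email works.
public function test_wp_update_user_should_accept_user_whose_login_is_their_own_email() {
    $user_id = self::factory()->user->create(
        array(
            'user_login' => 'login-as-email@example.com',
            'user_email' => 'login-as-email@example.com',
        )
    );

    $result = wp_update_user(
        array(
            'ID'           => $user_id,
            'display_name' => 'Updated',
        )
    );

    $this->assertNotWPError( $result );
}
```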