Make WordPress Core


Ignore:
Timestamp:
02/17/2023 08:08:19 AM (2 years ago)
Author:
adamsilverstein
Message:

Login and Registration: prevent registering with username that matches previous user email.

When registering a new user, check that no existing user has an email matching the username.

Prevents a login name collision when one user registers with the email address user@… and a second user tries to register with the username user@….

Props buutqn, dunhakdis, roytanck, ajayver.
Fixes #57394.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/user.php

    r54402 r55358  
    936936
    937937    /**
     938     * @ticket 57394
     939     */
     940    public function test_wp_insert_user_should_reject_username_that_matches_existing_user_email() {
     941        $existing_email = get_option( 'admin_email' );
     942        $username       = wp_insert_user(
     943            array(
     944                'user_login'    => $existing_email,
     945                'user_email'    => 'whatever@example.com',
     946                'user_pass'     => 'whatever',
     947                'user_nicename' => 'whatever',
     948            )
     949        );
     950
     951        $this->assertWPError( $username );
     952        $this->assertSame( 'existing_user_login_as_email', $username->get_error_code() );
     953    }
     954
     955    /**
    938956     * @ticket 33793
    939957     */
Note: See TracChangeset for help on using the changeset viewer.