WordPress.org
Get WordPress

Make WordPress Core

Changeset 60288


Ignore:
Timestamp:
06/06/2025 08:29:33 AM (6 weeks ago)
Author:
peterwilsoncc
Message:

Users: Prevent creating of empty usernames after sanitization.

Introduces a check in wp_insert_user() to ensure the username doesn't have a length of zero after sanitization removes invalid characters.

Props kalpeshh, missveronicatv, rayhatron, rinkalpagdar, sergeybiryukov, thehercules.
Fixes #57635.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-includes/user.php

    r60264 r60288  
    22872287    $user_nicename = apply_filters( 'pre_user_nicename', $user_nicename );
    22882288
    2289     if ( mb_strlen( $user_nicename ) > 50 ) {
     2289    // Check if the sanitized nicename is empty.
     2290    if ( empty( $user_nicename ) ) {
     2291        return new WP_Error( 'empty_user_nicename', __( 'Cannot create a user with an empty nicename.' ) );
     2292    } elseif ( mb_strlen( $user_nicename ) > 50 ) {
    22902293        return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) );
    22912294    }
Note: See TracChangeset for help on using the changeset viewer.