#11959 closed defect (bug) (worksforme)
Value Truncation Still Unchecked in registration.php
Reported by: | miqrogroove | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | needs-patch bulk-reopened |
Focuses: | | Cc: | |
Description
Functions such as username_exists() fail to perform sanity checks against the storage schema. As a result, it is possible to register multiple users with the same username if the length is greater than or equal to the username field size. Only the first user can log in; however, anyone re-registering that username can impersonate the first user to reset their password.
Attachments (1)
Change History (10)
#2, 14 years ago
- Milestone changed from 2.9.3 to 3.0
Not a regression. Moving to 3.0. Can be backported if desired.
#6, 11 years ago
- Cc johnpbloch@… added
This isn't really a patch (yet), but while looking into this issue I noticed that username_exists() didn't have any unit tests written yet, so I added a patch here to add such a test to the suite.
#7, 11 years ago
Regarding fixing this issue, what would be the preferable way to fix it? It seems to me that username_exists() should not truncate the username to 60 characters, since that would give a false positive. It seems to me, rather, that functions like wp_insert_user() or sanitize_user() should be making this sort of check instead of username_exists(). Thoughts?
Related: #7728
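The mismatch discussed in this ticket, as an added example that is not WordPress code or a patch from the ticket: a simulated user table truncates stored logins to the 60 characters mentioned in comment 7, so an exact-match existence lookup misses the stored row, while a length check before the insert rejects the name. The class, function and constant names are hypothetical, and the silent truncation by the store is an assumption of the simulation.

```php
<?php
// Added illustration, not WordPress code; every name here is hypothetical.
const LOGIN_COLUMN_WIDTH = 60; // width quoted in the ticket discussion

// Simulated user table that silently cuts values to the column width.
final class TruncatingUserStore
{
    /** @var string[] stored logins, in insertion order */
    public array $rows = [];

    public function insert(string $login): void
    {
        $this->rows[] = substr($login, 0, LOGIN_COLUMN_WIDTH);
    }

    // Exact-match lookup on the full, untruncated input.
    public function exists(string $login): bool
    {
        return in_array($login, $this->rows, true);
    }
}

// Unchecked path: relies on the existence lookup alone.
function register_unchecked(TruncatingUserStore $store, string $login): bool
{
    if ($store->exists($login)) {
        return false;
    }
    $store->insert($login);
    return true;
}

// Checked path: refuse names the column cannot hold before lookup or insert.
function register_checked(TruncatingUserStore $store, string $login): bool
{
    if ($login === '' || strlen($login) > LOGIN_COLUMN_WIDTH) {
        return false;
    }
    return register_unchecked($store, $login);
}

// Constructed sample input (ASCII, so byte length equals character length).
$long = str_repeat('a', LOGIN_COLUMN_WIDTH) . 'x';
$weak = new TruncatingUserStore();
register_unchecked($weak, $long);
register_unchecked($weak, $long); // same name again; lookup misses the truncated row
printf("unchecked rows: %d, distinct: %d\n", count($weak->rows), count(array_unique($weak->rows)));

$safe = new TruncatingUserStore();
printf("checked accepts over-length name: %s\n", var_export(register_checked($safe, $long), true));
```

A unique index on the login column would additionally make the second insert fail at the storage layer instead of relying on the application check alone.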