Make WordPress Core

Opened 14 years ago

Closed 5 years ago

Last modified 5 years ago

#11959 closed defect (bug) (worksforme)

Value Truncation Still Unchecked in registration.php

Reported by: miqrogroove
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Users
Keywords: needs-patch bulk-reopened
Focuses:
Cc:

Description

Functions such as username_exists() fail to perform sanity checks against the storage schema. As a result, it is possible to register multiple users with the same username if the length is greater than or equal to the username field size. Only the first user can log in; however, anyone re-registering that username can impersonate the first user to reset their password.
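The mismatch this ticket describes, as an added illustration that is not WordPress code or the ticket's attachment: a lookup that compares the full submitted name against a column that stored only its first 60 characters, next to a registration flow that rejects over-length names before the lookup. The class, function and constant names are hypothetical, the table is an in-memory stand-in for the database, and the truncating behaviour of the column is an assumption of the model.

```php
<?php
// Constructed model, not WordPress code. The login column keeps only the
// first 60 characters, as a fixed-width column does when the database
// truncates over-length values instead of rejecting them.
const LOGIN_MAX = 60; // hypothetical name; 60 is the size named in this ticket

final class ModelUsersTable {
    private array $rows = []; // stored logins, index = user id - 1

    public function insert(string $login): int {
        $this->rows[] = mb_substr($login, 0, LOGIN_MAX); // silent truncation
        return count($this->rows);
    }

    // Lookup compares the caller's full string with the stored values.
    public function exists(string $login): bool {
        return in_array($login, $this->rows, true);
    }

    public function countStored(string $stored): int {
        return count(array_keys($this->rows, $stored, true));
    }
}

// Unchecked flow: existence check on the full string, then insert.
function model_register_unchecked(ModelUsersTable $t, string $login): ?int {
    return $t->exists($login) ? null : $t->insert($login);
}

// Checked flow: refuse what the column cannot hold before the lookup.
function model_register_checked(ModelUsersTable $t, string $login): ?int {
    if ($login === '' || mb_strlen($login) > LOGIN_MAX) {
        return null;
    }
    return model_register_unchecked($t, $login);
}

$long = str_repeat('a', LOGIN_MAX) . 'x'; // constructed 61-character login
$weak = new ModelUsersTable();
$first  = model_register_unchecked($weak, $long);
$second = model_register_unchecked($weak, $long); // lookup misses the truncated row
printf("unchecked: ids %s and %s, rows sharing a login: %d\n",
    var_export($first, true), var_export($second, true),
    $weak->countStored(mb_substr($long, 0, LOGIN_MAX)));

$strict = new ModelUsersTable();
printf("checked: over-length accepted? %s\n",
    var_export(model_register_checked($strict, $long) !== null, true));
```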

Attachments (1)

11959.test.patch (685 bytes) - added by johnpbloch 11 years ago.
username_exists() test


Change History (10)

#1 @ryan
14 years ago

Related: #7728

#2 @nacin
14 years ago

  • Milestone changed from 2.9.3 to 3.0

Not a regression. Moving to 3.0. Can be backported if desired.

#3 @nacin
14 years ago

  • Keywords needs-patch added

#4 @ryan
14 years ago

  • Milestone changed from 3.0 to 3.1

#5 @nacin
14 years ago

  • Milestone changed from Awaiting Triage to Future Release

@johnpbloch
11 years ago

username_exists() test

#6 @johnpbloch
11 years ago

  • Cc johnpbloch@… added

This isn't really a patch (yet), but while looking into this issue I noticed that username_exists() didn't have any unit tests written yet, so I added a patch here to add such a test to the suite.

#7 @johnpbloch
11 years ago

Regarding fixing this issue, what would be the preferable way to fix it? It seems to me that username_exists() should not truncate the username to 60 characters, since that would give a false positive. It seems to me, rather, that functions like wp_insert_user() or sanitize_user() should be making this sort of check instead of username_exists(). Thoughts?

#8 @miqrogroove
9 years ago

Any chance this was fixed in [32299] or did that only affect the comments table?

#11 @noisysocks
5 years ago

  • Keywords bulk-reopened added
  • Resolution set to worksforme
  • Status changed from new to closed

I tested this in trunk and was unable to create a user with a username longer than 60 characters. Closing this as it looks like it was fixed inadvertently by [32299].
