Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#13159 closed defect (bug) (fixed)

Admin username diacritics silently stripped at install

Reported by: Jbb
Owned by: dd32
Milestone: 3.0
Priority: high
Severity: critical
Version: 3.0
Component: Upgrade/Install
Keywords: needs-patch
Focuses:
Cc:

Description

  1. Fresh install of WP trunk
  2. For the admin username, enter some diacritic. For example, Jérémie
  3. All goes well it seems
  4. Can't log in with that user

But in the users SQL table, the login name registered is: Jrmie

Login names should accept most Unicode glyphs, especially unique and well-used diacritics. A help button at registration should explain the rules of login taxonomy (what's allowed, what's not). And it should never ever alter the login in any way without warning the user.

Change History (10)

comment:1 nacin 4 years ago

  • Component changed from General to Administration
  • Milestone changed from Unassigned to 3.0
  • Priority changed from normal to high

comment:2 nacin 4 years ago

  • Component changed from Administration to Upgrade/Install
  • Keywords needs-patch added
  • Owner set to dd32

comment:3 Jbb 4 years ago

Thanks for the various keywords and fields update. It's my first involvement, I didn't want to assign wrong values.

I've done further testing. It's not only at install; even when manually adding a user through the WP backend (Users->Add New) it's the same thing (silently strips diacritics).

comment:4 nacin 4 years ago

We have very little poka yoke in the install form. I think for now we should just make sure they know we're going to sanitize their username to a certain set of characters. Could simply be some text we add.
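
The approach comment:4 describes (tell the user what their username will be sanitized to), sketched in PHP as an added example; it is not WordPress core code or the changeset from this ticket. The helper name `check_requested_login` and the allowed character set are assumptions, since the ticket does not list the real set.

```php
<?php
// Added example, not WordPress core code.
// Assumption: logins are limited to ASCII letters, digits, space, _ . - and @.
const DISALLOWED_LOGIN_CHARS = '/[^A-Za-z0-9 _.\-@]/u';

// Hypothetical helper: sanitize a requested login and report exactly what
// was changed, so the form can show the result instead of altering it silently.
function check_requested_login(string $requested): array
{
    $result = ['ok' => false, 'login' => '', 'changed' => false, 'removed' => [], 'reason' => ''];

    // Reject input that is not valid UTF-8 before matching per code point.
    if (preg_match('//u', $requested) !== 1) {
        $result['reason'] = 'invalid UTF-8';
        return $result;
    }

    // Record every distinct character that is about to be dropped.
    preg_match_all(DISALLOWED_LOGIN_CHARS, $requested, $matches);
    $result['removed'] = array_values(array_unique($matches[0]));

    $login = trim(preg_replace(DISALLOWED_LOGIN_CHARS, '', $requested));
    if ($login === '') {
        $result['reason'] = 'nothing left after sanitizing';
        return $result;
    }

    $result['ok'] = true;
    $result['login'] = $login;
    $result['changed'] = ($login !== $requested);
    return $result;
}

// Constructed sample inputs; the first is the username from the report.
foreach (['Jérémie', 'admin', 'ééé'] as $name) {
    $r = check_requested_login($name);
    if (!$r['ok']) {
        echo "\"$name\": rejected ({$r['reason']})\n";
    } elseif ($r['changed']) {
        echo "\"$name\": will be stored as \"{$r['login']}\", removed: "
            . implode(' ', $r['removed']) . "\n";
    } else {
        echo "\"$name\": stored unchanged\n";
    }
}
```

The caller decides whether a changed login is shown for confirmation or refused outright; either way the stored value is never different from what the user was told.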

comment:5 nacin 4 years ago

(In [14264]) Show the sanitized username on install.php completion page. Also add some help text. see #13159.

comment:6 nacin 4 years ago

(In [14265]) Poka yoke for username sanitization during install. see #13159.

comment:7 nacin 4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

I think this one is good.

comment:8 Jbb 4 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

What about self registration, or manually adding user? Shouldn't the warnings & explanations be there too?

Also, in your textual description of what's OK as a login, maybe you could say if logins are case sensitive or not?

Just my 2 cents.

comment:9 nacin 4 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

They're insensitive, so I don't think we need to specify that. (If they were case-sensitive, then I'd include that.)

We can handle the other aspect in another ticket (which you're more than welcome to open). I think the install aspect was most important, especially since we just added that in 3.0 and did not display the sanitized username once WP was installed.

comment:10 Jbb 4 years ago

Done, thanks a lot.