Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#13159 closed defect (bug) (fixed)

Admin username diacritics silently stripped at install

Reported by: Jbb Owned by: dd32
Milestone: 3.0 Priority: high
Severity: critical Version: 3.0
Component: Upgrade/Install Keywords: needs-patch
Focuses: Cc:


  1. Fresh install of WP trunk
  2. For the admin username, enter some diacritic. For example, Jérémie
  3. All goes well it seems
  4. Can't log in with that user

But in the users SQL table, the login name registered is: Jrmie

Login name should accept most unicode glyphs, especially well unique and used diacritic. A help button at registration should explain the rules of login taxonomy (what's allowed, what's not). And it should never ever alter the login in any way without warning the user.

Change History (10)

#1 @nacin
6 years ago

  • Component changed from General to Administration
  • Milestone changed from Unassigned to 3.0
  • Priority changed from normal to high

#2 @nacin
6 years ago

  • Component changed from Administration to Upgrade/Install
  • Keywords needs-patch added
  • Owner set to dd32

#3 @Jbb
6 years ago

Thanks for the various keywords and fields update. It's my first involvement, I didn't want to assign wrong values.

I've done further testing. It's not only at install, even when manually adding a user through WP backend (Users->Add New) it's the same thing (silently strip diacritic).

#4 @nacin
6 years ago

We have very little poka yoke in the install form. I think for now we should just make sure they know we're going to sanitize their username to a certain set of characters. Could simply be some text we add.

#5 @nacin
6 years ago

(In [14264]) Show the sanitized username on install.php completion page. Also add some help text. see #13159.

#6 @nacin
6 years ago

(In [14265]) Poka yoke for username sanitization during install. see #13159.

#7 @nacin
6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

I think this one is good.

#8 @Jbb
6 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

What about self registration, or manually adding user? Shouldn't the warnings & explanations be there too?

Also, in your textual description of what's OK as a login, maybe you could say if login are case sensitive or not?

Just my 2 cents.

#9 @nacin
6 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

They're insensitive, so I don't think we need to specify that. (If they were case-sensitive, then I'd include that.)

We can handle the other aspect in another ticket (which you're more than welcome to open). I think the install aspect was most important, especially since we just added that in 3.0 and did not display the sanitized username once WP was installed.

#10 @Jbb
6 years ago

Done, thanks a lot.

Note: See TracTickets for help on using tickets.