WordPress.org

Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#13760 closed defect (bug) (fixed)

Unused validation in wpmu_activate_signup

Reported by: filosofo Owned by:
Milestone: 3.0 Priority: normal
Severity: normal Version: 3.0
Component: Multisite Keywords: has-patch
Focuses: Cc:

Description

wpmu_activate_signup calls wpmu_validate_user_signup without acting on its response.

Patch returns errors, if any are generated by wpmu_validate_user_signup. Otherwise, it uses the username and email as validated by wpmu_validate_user_signup.

Attachments (1)

use-wpmu_validate_user_signup.13760.diff (739 bytes) - added by filosofo 10 years ago.

Download all attachments as: .zip

Change History (7)

#1 @ryan
10 years ago

The call to wpmu_validate_blog_signup() is the same way.

#3 @ryan
10 years ago

Looks like the validation is done in validate_user_signup() and validate_blog_signup() in wp-signup.php. Does wp_activate_signup() really need to run these again, or can it assume what is pulled from the DB is safe?

#4 @wpmuguru
10 years ago

That patch doesn't work. When it's applied activation fails indicating that the username has already been reserved.

For now, I'm removing the validate calls for both users & sites. I'll leave teh ticket open for patches if someone wants to provide one.

#5 @wpmuguru
10 years ago

(In [15186]) removed unused validation from activation process, see #13760

#6 @ryan
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Let's call it done.

Note: See TracTickets for help on using tickets.