Opened 14 years ago
Closed 14 years ago
#15198 closed defect (bug) (fixed)
Inconsistencies in sanitize_user and sanitize_key
Reported by: | duck_ | Owned by: | ryan |
---|---|---|---|
Milestone: | 3.1 | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | Formatting | Keywords: | has-patch 2nd-opinion |
Focuses: | Cc: |
Description
It seems to me that sanitize_user can perform inconsistently by returning a different string compared to the input when passed a previously sanitized string. This occurs when the first round returns a string ending in a space, then in the second round when wp_strip_all_tags trims the string it changes the previously sanitized input. The only workaround I could think of for now was to always trim the output of sanitize_user.
Also, sanitize_key does not behave as described by the docs (I guess the docs could be wrong instead of the code then, but I'm not sure). That is "They should be lowercase ASCII. Dashes and underscores are allowed." seems to be incorrect. The regex allows ., space, @ and has the ignore case modifier.
Example:
```php
$test = sanitize_user( 'test ***', true );
var_dump( $test );
var_dump( sanitize_user( $test, true ) );
var_dump( sanitize_key( 'UPPER C@SE.', true ) );
```
Expected: the first two to be exactly the same and the last to output "uppercse"
Actual:
```
string(5) "test "
string(4) "test"
string(11) "UPPER C@SE."
```
Patch attached. Though this is the kind of change that I can foresee potentially creating problems, i.e. looking up a string which previously returned a different result when passed through either function.
[15948]
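The idempotence property at issue in this ticket, sanitize(sanitize(x)) === sanitize(x), can be checked mechanically. The following is an added example, not code from the ticket, the attached patch, or WordPress core: `model_sanitize_user` is a simplified stand-in that assumes a leading trim (as the ticket attributes to wp_strip_all_tags) followed by a character filter, and the filter's character set and the sample inputs are constructed for illustration.

```php
<?php
// Simplified model of the behaviour described in the ticket (assumption, not core code):
// the first step trims, the later filter can leave a new leading or trailing space.
function model_sanitize_user(string $username, bool $trim_output): string {
    $username = trim(strip_tags($username));                        // leading step trims
    $username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);  // assumed strict filter
    $username = preg_replace('|\s+|', ' ', $username);              // collapse whitespace runs
    // The reporter's workaround: always trim the output.
    return $trim_output ? trim($username) : $username;
}

// Return every input for which a second pass changes the result of the first pass.
function non_idempotent_inputs(callable $sanitize, array $inputs): array {
    $failures = [];
    foreach ($inputs as $input) {
        $once  = $sanitize($input);
        $twice = $sanitize($once);
        if ($once !== $twice) {
            $failures[] = ['input' => $input, 'once' => $once, 'twice' => $twice];
        }
    }
    return $failures;
}

// Constructed sample inputs; 'test ***' is the case from the ticket.
$samples = ['test ***', '*** admin', "alice \t!!", 'a  b', 'bob'];

$variants = [
    'without final trim' => fn(string $u): string => model_sanitize_user($u, false),
    'with final trim'    => fn(string $u): string => model_sanitize_user($u, true),
];

foreach ($variants as $label => $sanitize) {
    $failures = non_idempotent_inputs($sanitize, $samples);
    printf("%s: %d non-idempotent input(s)\n", $label, count($failures));
    foreach ($failures as $f) {
        // json_encode makes leading and trailing spaces visible in the report.
        printf("  %s -> %s -> %s\n",
            json_encode($f['input']), json_encode($f['once']), json_encode($f['twice']));
    }
}
```

The same checker can wrap the real sanitize_user or sanitize_key inside a WordPress test environment by passing a closure that calls them.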