Make WordPress Core

Opened 11 years ago

Last modified 5 years ago

#23430 new enhancement

sanitize_user() disallows + in usernames causes problem for email as username

Reported by: jb510's profile jb510 Owned by:
Milestone: Priority: normal
Severity: minor Version: 3.5.1
Component: Users Keywords: has-patch
Focuses: Cc:


I want to use email addresses as usernames which seems to work fine, except sanitize_user() doesn't allow a + in the username and my email addresses have + in them.

Google/gmail allows one to use a + modifier on emails like so:
user+admin@…, user+editor@…, user+author@…, etc...

I often use this to get around WordPress's requirement for unique email addresses but it's also intended for and useful in filtering: user+blog1@…, user+blog2@…, etc...

Is there a reason we can't allow +'s in usernames or could it be moved to the strict case only?

See formatting.php:892

Attachments (1)

username-patch.patch (499 bytes) - added by mario-siteground 11 years ago.

Download all attachments as: .zip

Change History (7)

#1 @jb510
11 years ago

  • Cc jbrown510@… added

#2 @mario-siteground
11 years ago

  • Keywords has-patch added

Tested with +-based username and works for me (creation of posts/pages, editing content, view of author page, user edit page). Adding a quick patch, unless the core team has other preferences.

#3 @SergeyBiryukov
11 years ago

I want to use email addresses as usernames which seems to work fine

Related: #22367

#4 @travisnorthcutt
11 years ago

+1 (no pun intended)

The annoying thing about this is that it (seems to, anyway) fail silently, and simply removes the "+"s from the username, which isn't immediately apparent, depending on how the new user was created.

Furthermore, the codex page for sanitize_user() states that "if strict is enabled, will remove all non-ASCII characters". However, unless I'm mistaken (entirely possible!), "+" is an ASCII character.

Last edited 11 years ago by travisnorthcutt (previous) (diff)

#5 @Otto42
11 years ago

I believe plus symbols in query strings are decoded to spaces, as in a URL like so:

This may be the reason for the disallowing of them in strict mode. While WP itself doesn't necessarily use them in this manner, it's not totally portable for all possible use-cases.

#6 @jb510
9 years ago

related: #18658
related: #18039

Last edited 9 years ago by jb510 (previous) (diff)
Note: See TracTickets for help on using tickets.