Opened 12 years ago
Last modified 6 years ago
#23430 new enhancement
sanitize_user() disallows + in usernames causes problem for email as username
Reported by: | jb510 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | minor | Version: | 3.5.1 |
Component: | Users | Keywords: | has-patch |
Focuses: | Cc: |
Description
I want to use email addresses as usernames which seems to work fine, except sanitize_user() doesn't allow a + in the username and my email addresses have + in them.
Google/gmail allows one to use a + modifier on emails like so:
user+admin@…, user+editor@…, user+author@…, etc...
I often use this to get around WordPress's requirement for unique email addresses but it's also intended for and useful in filtering: user+blog1@…, user+blog2@…, etc...
Is there a reason we can't allow +'s in usernames or could it be moved to the strict case only?
See formatting.php:892
Attachments (1)
Change History (7)
#3
@
12 years ago
I want to use email addresses as usernames which seems to work fine
Related: #22367
#4
@
11 years ago
+1 (no pun intended)
The annoying thing about this is that it (seems to, anyway) fail silently, and simply removes the "+"s from the username, which isn't immediately apparent, depending on how the new user was created.
Furthermore, the codex page for sanitize_user() states that "if strict is enabled, will remove all non-ASCII characters". However, unless I'm mistaken (entirely possible!), "+" is an ASCII character.
#5
@
11 years ago
I believe plus symbols in query strings are decoded to spaces, as in a URL like so:
http://example.com?username=abc+123
This may be the reason for the disallowing of them in strict mode. While WP itself doesn't necessarily use them in this manner, it's not totally portable for all possible use-cases.
Tested with +-based username and works for me (creation of posts/pages, editing content, view of author page, user edit page). Adding a quick patch, unless the core team has other preferences.