#2729 closed defect (bug) (fixed)
Regular expression bug in sanitize_user
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 2.0.2 |
| Component: | General | Keywords: | has-patch commit |
| Focuses: | Cc: |
Description
I think I may have found a bug in the sanitize_user function in
functions-formatting.php. Currently, lines 275 - 277 read:
If strict, reduce to ASCII for max portability.
if ( $strict )
$username = preg_replace('|[a-z0-9 _.-@]|i', , $username);
It appears that what this is trying to do is allow hyphens (along
with many other characters). However, the regex does not match the
hyphens. I believe the reg ex needs a back slash like this:
$username = preg_replace('|[a-z0-9 _.\-@]|i', , $username);
I checked on the hackers mailing list and received confirmation that this appears to be a bug before submitting it here.
NOTE: The wiki formatting is stripping some of the information from the regular expressions above. I looked at the formatting guide, and didn't see a good way to escape it correctly. The gist of the ticket is that a backslash needs to be put before the hyphen. Please check the original source code to get a clean version of the regex.
Attachments (1)
Change History (6)
#1
@
20 years ago
- Keywords has-patch commit added
- Owner changed from anonymous to markjaquith
- Status changed from new to assigned
Uploaded patch adds escaping slash to the regex.
patch to fix the regex