#33793 closed defect (bug) (fixed)
Adding a user with a username 52 characters or longer fails, but displays success message.
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 4.4 | Priority: | normal |
| Severity: | normal | Version: | 3.8.8 |
| Component: | Users | Keywords: | needs-unit-tests has-patch dev-feedback |
| Focuses: | administration | Cc: |
Description
Steps to reproduce:
- Login
- Users -> Add New (/wp-admin/user-new.php)
- Fill out the form with following data:
Username: Any valid email with 52 characters or more, e.g. abcdefghijklmnopqrstuvwxyzabcdefghijklmn [at] example.com (without the email obfuscation).
E-mail: Any
Password: Any
Repeat Password: Any
- Submit form by 'Add New User' button.
- WordPress redirects to Users page (/wp-admin/users.php?id=0) with a 'New user created.' success message, but the user is not visible in list, and is not present in
wp_userstable.
If you repeat the steps specifying a username that is 51 characters or less, then the new user is created correctly, and the success message includes an 'Edit user' link.
I've seen this broken behaviour in:
- 4.3
- 4.2.1
- 3.9
- 3.8.8
In 3.8.7 adding a user with a username >51 characters (and >60 characters) creates a new user correctly. The username is truncated to the first 60 characters when necessary. (wp_users.user_login is a varchar(60)).
I suspect the reason 51 characters succeeds and 52 does not may be to do with the wp_users.user_nicename field, which is a varchar(50). The add new user operation auto generates the user_nicename value, as a sanitised form of the user_login, stripping the @ in the process. I have not confirmed this though.
Attachments (7)
Change History (25)
#2
@
9 years ago
We should consider increasing user_nicename length to var_char(60) or should decrease user_login length to var_char(50).
#6
follow-up:
↓ 7
@
9 years ago
It feels like it would be better to return to the truncation behaviour present in 3.8.7 if possible, rather than introducing additional validation.
#7
in reply to:
↑ 6
@
9 years ago
- Keywords needs-patch needs-unit-tests added; has-patch removed
- Milestone changed from Awaiting Review to Future Release
Replying to tommarshall:
It feels like it would be better to return to the truncation behaviour present in 3.8.7 if possible, rather than introducing additional validation.
The truncation that took place prior to 3.8.8 (and corresponding releases on the 3.9, 4.0, 4.1, and 4.2 branches) was an unintended consequence of shoving too much data into a field. We can't revert directly to that behavior. Moreover, silently truncating user-provided data is never a good idea - it means that a user could attempt to register with one username, but be provided with a different one, without any appropriate feedback.
user_login and user_nicename field lengths have been the same forever [2213]. It's likely that increasing them would introduce complications. If there's a pressing reason to change one or both, let's handle it as a separate enhancement ticket. We should solve the current problem with better validation.
It looks like wp_insert_user() fails silently when 'user_login' is greater than 60 chars, and when 'user_nicename' is greater than 50 chars. We'll need separate validation for each, plus unit tests.
#8
@
9 years ago
@boonebgorges
currently, length of user_login and user_nicename fields are different and we set user_login as user_nicename if user_nicename is empty.
So we need to change length of user_nicename field into schema file.
#9
@
9 years ago
- Keywords has-patch added; needs-patch removed
@boonebgorges
As your suggestion extra check added for length of user_nicename in wp_insert_user().
#10
@
9 years ago
currently, length of user_login and user_nicename fields are different and we set user_login as user_nicename if user_nicename is empty.
So we need to change length of user_nicename field into schema file.
As noted above, there may be repercussions to changing the length of the field. I'd rather not do it. It's true that user_nicename is usually created from the user_login field, but let's enforce the truncation in code, rather than extending the field length.
#11
@
9 years ago
- Milestone changed from Future Release to 4.4
- Owner set to boonebgorges
- Status changed from new to assigned
#13
@
9 years ago
- Keywords dev-feedback added
- Resolution fixed deleted
- Status changed from closed to reopened
Hi dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges, thanks for reporting this bug and fixing it.
I had a special interest in this bug because this bug bit me too a while ago :) So I was hoping this would be something to work on at the WordCamp NL contributor day.
While looking over the code and new tests, I think we can add another more precise test to prevent possible future regression on this subject, specifically on the allowed length of the username (60chars). I'm going to try to reopen this trac-ticket to be able to add the additional test.
#14
@
9 years ago
Additional test looks good. Can you give me a link to your profiles.wordpress.org page, so that I can give you props? Clicking on your username above (https://profiles.wordpress.org/ruud@%E2%80%A6) doesn't seem to work, so it may be that Trac hiding part of your username :)
#15
@
9 years ago
Hi Boone,
Yes my username is kind of wrangled because of the @ in the name. A working link is https://profiles.wordpress.org/ruudjoyo/
Thnx!
I can reproduce this error on my end and also getting error
I am running 4.3.