WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#40169 closed enhancement (duplicate)

Username sanitization discrepancy

Reported by: fabscanta Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.7.3
Component: Users Keywords: has-patch
Focuses: multisite Cc:
PR Number:

Description

Hi,

When creating a user from the Network admin panel (/wp-admin/network/user-new.php), the username sanitization use the following function (wp-includes/ms-functions.php):

function wpmu_validate_user_signup($user_name, $user_email) {
(...)
if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) {

When creating a user from the Site admin panel (/wp-admin/user-new.php), the username sanitization use the following function (wp-includes/formatting.php):

function sanitize_user( $username, $strict = false ) {
(...)
$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );

As a result, the username format is not standard between the 2 levels. It would be much more simple to have only one method to validate usernames.

Currently, at the network level, I can't allow usernames with a '.' (dot) char without hacking the reg exp.

Any chance to harmonize the 2 patterns? The ideal pattern would be [^a-z0-9 _.\-@].

Many thanks.

Attachments (1)

40169.diff (658 bytes) - added by lukecavanagh 3 years ago.
Basic patch

Download all attachments as: .zip

Change History (3)

@lukecavanagh
3 years ago

Basic patch

#1 @lukecavanagh
3 years ago

  • Focuses multisite added
  • Keywords has-patch added

#2 @SergeyBiryukov
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hi @fabscanta, welcome to WordPress Trac!

Thanks for the report, we're already tracking this issue in #17904.

Note: See TracTickets for help on using tickets.