Opened 8 years ago
Closed 8 years ago
#40169 closed enhancement (duplicate)
Username sanitization discrepancy
Reported by: | fabscanta | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.7.3 |
Component: | Users | Keywords: | has-patch |
Focuses: | multisite | Cc: |
Description
Hi,
When creating a user from the Network admin panel (/wp-admin/network/user-new.php), the username sanitization use the following function (wp-includes/ms-functions.php):
function wpmu_validate_user_signup($user_name, $user_email) {
(...)
if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) {
When creating a user from the Site admin panel (/wp-admin/user-new.php), the username sanitization use the following function (wp-includes/formatting.php):
function sanitize_user( $username, $strict = false ) {
(...)
$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
As a result, the username format is not standard between the 2 levels. It would be much more simple to have only one method to validate usernames.
Currently, at the network level, I can't allow usernames with a '.' (dot) char without hacking the reg exp.
Any chance to harmonize the 2 patterns? The ideal pattern would be [^a-z0-9 _.\-@]
.
Many thanks.
Attachments (1)
Change History (3)
Note: See
TracTickets for help on using
tickets.
Basic patch