Make WordPress Core

Opened 2 years ago

Closed 23 months ago

#54326 closed enhancement (fixed)

`username_exists()` is passed a blog name in wp-includes/ms-functions.php

Reported by: henrywright's profile henry.wright Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 6.0 Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch
Focuses: docs, multisite Cc:

Description

In the wp-includes/ms-functions.php file, in the wpmu_validate_blog_signup() function definition, you will see this condition:

if ( username_exists( $blogname ) ) {
    // Stuff
}

username_exists() shouldn't be passed a blog name. It accepts a user name only.

Attachments (1)

54326.diff (629 bytes) - added by henry.wright 2 years ago.

Download all attachments as: .zip

Change History (12)

#1 @joyously
2 years ago

If you read the description of that function, you'll see

This function prevents the current user from registering a new site with a blogname equivalent to another user’s login name.

#2 @henry.wright
2 years ago

@joyously that explains the why a blog name is passed to the function. When a function is used unconventionally like this, I feel we should provide a comment very close to where the function call takes place for clarification

@henry.wright
2 years ago

#3 @henry.wright
2 years ago

  • Keywords has-patch added

Attached is 54326.diff. This adds a comment clarifying the username_exists() function call

#4 @swissspidy
2 years ago

I don't think such a comment like in 54326.diff adds much value. It literally just describes what the next line of code does. You get the same information from just reading that line of code.

It'd be more helpful to explain that such a blog name is not allowed, unless it's the user's own username.

But then again, that is already in the function description.

#5 @henry.wright
2 years ago

I don't think such a comment like in 54326.diff​ adds much value

I disagree. The function call in the next line isn't used to check if a username exists. It is used in a different way. Because the function name is username_exists(), a comment is absolutely necessary in my opinion. A comment in the DockBlock for the wpmu_validate_blog_signup() function isn't the best place.

If username_exists() was named username_exists_or_blogname_matches_existing_username() we wouldn't need the inline comment :D

#6 @joyously
2 years ago

I'm not opposed to a comment, but it does seem pretty obvious that it is checking if there is a user by the name of the blog, and the function name has "validate" in it.

The function call in the next line isn't used to check if a username exists.

Yes, it is checking for username.

#7 @henry.wright
2 years ago

Yes, it is checking for username.

In my mind it is checking if a blogname exists as a username :)

#8 @henry.wright
2 years ago

  • Type changed from defect (bug) to enhancement

#9 @henry.wright
2 years ago

  • Focuses docs added

#10 @SergeyBiryukov
23 months ago

  • Component changed from General to Users
  • Focuses multisite added
  • Milestone changed from Awaiting Review to 6.0

Adding a comment to avoid confusion seems like a good idea.

#11 @SergeyBiryukov
23 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 52655:

Docs: Add a comment to clarify the username_exists() check in wpmu_validate_blog_signup().

Creating a new site that matches an existing user's login name is not allowed, unless it's the user's own username.

Follow-up to mu:550, mu:1364.

Props henry.wright, joyously, swissspidy, SergeyBiryukov.
Fixes #54326.

Note: See TracTickets for help on using tickets.