Make WordPress Core

Opened 13 months ago

Last modified 13 months ago

#59084 new enhancement

Spaces in username during login

Reported by: wparslan's profile wparslan Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: reporter-feedback
Focuses: Cc:

Description

The username can have spaces in them which is not a good practice of usernames.
Yes, during the registration it escapes and converts the space to %20 for the username.

We can restrict the user to more efficient username with this:

<?php

/**
 * Check if the sanitized username contains spaces and add an error if needed.
 *
 * This function is hooked into the registration_errors filter to check the sanitized
 * username for spaces. If a space is found in the username, an error message is added
 * to the list of registration errors.
 *
 * @param WP_Error $errors            A WP_Error object containing any registration errors.
 * @param string   $sanitized_user_login The sanitized username without spaces or special characters.
 * @param string   $user_email        The email address entered during registration.
 * @return WP_Error Modified WP_Error object with added error message, if applicable.
 */
function loginpress_check_username_for_spaces( $errors, $sanitized_user_login, $user_email ) {
    if ( strpos( $sanitized_user_login, ' ' ) !== false ) {
        $errors->add( 'username_space', __( 'Username cannot contain spaces.', 'text-domain' ) );
    }
    return $errors;
}
add_filter( 'registration_errors', 'prefix_check_username_for_spaces', 10, 3 );

Change History (7)

#1 @rajinsharwar
13 months ago

  • Component changed from General to Login and Registration
  • Type changed from defect (bug) to enhancement

Marking as an enchancement instead of bug.

#2 @Hareesh Pillai
13 months ago

If we choose to solve this, we should also decide how old usernames with a space will be handled going forward.

#3 in reply to: ↑ description @johnbillion
13 months ago

  • Focuses accessibility sustainability removed
  • Version trunk deleted

Replying to wparslan:

The username can have spaces in them which is not a good practice of usernames.

What's the reason this isn't a good practice?

#4 @wparslan
13 months ago

<?php
// "Jason    Bourne" is same as "JasonBourne" or "Jason Bourne".

Logon names can contain all other special characters, including spaces, periods, dashes, and underscores. But it's generally not a good idea to use spaces in account names.

we have to emit the spaces in our custom codes as per the UX perspective.

#5 @johnbillion
13 months ago

  • Keywords reporter-feedback added

What problem actually occurs when spaces are allowed and present in usernames? I'm not being awkward, I just want to understand what actual problem this is proposing to fix.

#6 @rajinsharwar
13 months ago

Yes, we also don't allow stale spaces at the first or the end of the username, so there isn't any risk of phishing as well. Any specific reason for the proposal @wparslan?

#7 @wparslan
13 months ago

So the case is this.

I am registering a user with space in it.
When I receive the link to reset the password, it also contains the link; might be due to something in the environment.
However, the root cause is the space in the username.

We can also fix this by altering the reset password email, that is correct but in some environments, this issue occurs.

Hope this helps you to understand.

Note: See TracTickets for help on using tickets.