Opened 13 months ago
Last modified 13 months ago
#59084 new enhancement
Spaces in username during login
Reported by: | wparslan | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Login and Registration | Keywords: | reporter-feedback |
Focuses: | Cc: |
Description
The username can have spaces in them which is not a good practice of usernames.
Yes, during the registration it escapes and converts the space to %20 for the username.
We can restrict the user to more efficient username with this:
<?php /** * Check if the sanitized username contains spaces and add an error if needed. * * This function is hooked into the registration_errors filter to check the sanitized * username for spaces. If a space is found in the username, an error message is added * to the list of registration errors. * * @param WP_Error $errors A WP_Error object containing any registration errors. * @param string $sanitized_user_login The sanitized username without spaces or special characters. * @param string $user_email The email address entered during registration. * @return WP_Error Modified WP_Error object with added error message, if applicable. */ function loginpress_check_username_for_spaces( $errors, $sanitized_user_login, $user_email ) { if ( strpos( $sanitized_user_login, ' ' ) !== false ) { $errors->add( 'username_space', __( 'Username cannot contain spaces.', 'text-domain' ) ); } return $errors; } add_filter( 'registration_errors', 'prefix_check_username_for_spaces', 10, 3 );
Change History (7)
#1
@
13 months ago
- Component changed from General to Login and Registration
- Type changed from defect (bug) to enhancement
#2
@
13 months ago
If we choose to solve this, we should also decide how old usernames with a space will be handled going forward.
#3
in reply to:
↑ description
@
13 months ago
- Focuses accessibility sustainability removed
- Version trunk deleted
Replying to wparslan:
The username can have spaces in them which is not a good practice of usernames.
What's the reason this isn't a good practice?
#4
@
13 months ago
<?php // "Jason Bourne" is same as "JasonBourne" or "Jason Bourne".
Logon names can contain all other special characters, including spaces, periods, dashes, and underscores. But it's generally not a good idea to use spaces in account names.
we have to emit the spaces in our custom codes as per the UX perspective.
#5
@
13 months ago
- Keywords reporter-feedback added
What problem actually occurs when spaces are allowed and present in usernames? I'm not being awkward, I just want to understand what actual problem this is proposing to fix.
#6
@
13 months ago
Yes, we also don't allow stale spaces at the first or the end of the username, so there isn't any risk of phishing as well. Any specific reason for the proposal @wparslan?
#7
@
13 months ago
So the case is this.
I am registering a user with space in it.
When I receive the link to reset the password, it also contains the link; might be due to something in the environment.
However, the root cause is the space in the username.
We can also fix this by altering the reset password email, that is correct but in some environments, this issue occurs.
Hope this helps you to understand.
Marking as an enchancement instead of bug.