From 7f08716c166562c50cba9709c9d0d79e67addcf8 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov
Date: Thu, 15 Oct 2015 05:43:26 +0000
Subject: [PATCH] Users: Add `'illegal_user_logins'` filter to allow certain usernames to be blacklisted.
Props danielbachhuber, chriscct7, crazycoolcam, SergeyBiryukov.
Fixes #27317.
Built from https://develop.svn.wordpress.org/trunk@35189
git-svn-id: http://core.svn.wordpress.org/trunk@35155 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/user.php | 6 ++++++
 wp-includes/ms-functions.php | 10 ++++++++--
 wp-includes/user-functions.php | 11 +++++++++++
 wp-includes/version.php | 2 +-
 4 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 6ec23fb576..3ec716e08e 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -142,6 +142,12 @@ function edit_user( $user_id = 0 ) {
 if ( !$update && username_exists( $user->user_login ) )
 $errors->add( 'user_login', __( 'ERROR: This username is already registered. Please choose another one.' ));
+ /** This filter is documented in wp-includes/user-functions.php */
+ $usernames = apply_filters( 'illegal_user_logins', array() );
+ if ( in_array( $user->user_login, $usernames ) ) {
+ $errors->add( 'illegal_user_login', __( 'ERROR: Sorry, that username is not allowed.' ) );
+ }
+
 /* checking email address */
 if ( empty( $user->user_email ) ) {
 $errors->add( 'empty_email', __( 'ERROR: Please enter an email address.' ), array( 'form-field' => 'email' ) );
diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php
index 49407ecb64..f4c11f0c88 100644
--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
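Review bot: The new check in edit_user() (wp-admin/includes/user.php) calls `in_array()` in its default loose, case-sensitive mode, so a blocklist entry such as `admin` does not stop `Admin`, and a filter callback that returns something other than an array makes the call error out instead of rejecting the name. The same comparison is repeated in the wpmu_validate_user_signup() and wp_insert_user() hunks of this patch. Casting the filter result and normalising both sides would close that gap: `$usernames = (array) apply_filters( 'illegal_user_logins', array() );` followed by `if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $usernames ), true ) ) {`. Whether login lookups elsewhere are case-insensitive is not visible in these hunks, so that should be confirmed against username_exists() before settling on the normalisation.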
@@ -427,8 +427,14 @@ function wpmu_validate_user_signup($user_name, $user_email) {
 $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' );
 add_site_option( 'illegal_names', $illegal_names );
 }
- if ( in_array( $user_name, $illegal_names ) )
- $errors->add('user_name', __( 'That username is not allowed.' ) );
+ if ( in_array( $user_name, $illegal_names ) ) {
+ $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
+ }
+
+ /** This filter is documented in wp-includes/user-functions.php */
+ if ( in_array( $user_name, apply_filters( 'illegal_user_logins', array() ) ) ) {
+ $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
+ }
 if ( is_email_address_unsafe( $user_email ) )
 $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));
diff --git a/wp-includes/user-functions.php b/wp-includes/user-functions.php
index 18ed9af8ef..48c7791939 100644
--- a/wp-includes/user-functions.php
+++ b/wp-includes/user-functions.php
@@ -1315,6 +1315,17 @@ function wp_insert_user( $userdata ) {
 return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
 }
+ /**
+ * Filter the list of blacklisted usernames.
+ *
+ * @since 4.4.0
+ *
+ * @param array $usernames Array of blacklisted usernames.
+ */
+ if ( in_array( $user_login, apply_filters( 'illegal_user_logins', array() ) ) ) {
+ return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) );
+ }
+
 /*
 * If a nicename is provided, remove unsafe user characters before using it.
 * Otherwise build a nicename from the user_login.
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 5aadd77f61..b3b571bf7c 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
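Review bot: In wpmu_validate_user_signup() (wp-includes/ms-functions.php) a name that is present both in the `illegal_names` site option and in the `illegal_user_logins` filter result gets the same `'user_name'` error added twice, because the two `in_array()` checks are independent `if` statements with identical messages. Merging the lists ahead of a single check avoids the duplicate: `$illegal_names = array_merge( $illegal_names, (array) apply_filters( 'illegal_user_logins', array() ) );` placed under the existing "This filter is documented" comment, followed by the one `if ( in_array( $user_name, $illegal_names ) ) {` block. The function starts and ends outside the hunk, so how the collected errors are rendered is not visible here.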
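Review bot: The hook docblock added to wp_insert_user() (wp-includes/user-functions.php) sits above an `if` statement, and its `@param array $usernames` names a variable that does not exist in this function, so the documentation is not attached to the `apply_filters()` call it describes. Assigning the filter result first keeps docblock and hook together: `$usernames = apply_filters( 'illegal_user_logins', array() );` followed by `if ( in_array( $user_login, $usernames ) ) {`. The docblock could also say that the default list is empty and that matching is an exact string comparison as written. The visible lines show no `$update` guard around the new check, so it may also reject updates to existing accounts whose login is later added to the list; the function continues outside the hunk, so this needs confirming against the full body.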
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.4-alpha-35188';
+$wp_version = '4.4-alpha-35189';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.