Username sanitization cleanups.
git-svn-id: http://svn.automattic.com/wordpress/trunk@3481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
9afb7a18db
commit
99385a2f18
|
@ -329,13 +329,13 @@ function add_user() {
|
||||||
}
|
}
|
||||||
|
|
||||||
function edit_user($user_id = 0) {
|
function edit_user($user_id = 0) {
|
||||||
global $current_user, $wp_roles;
|
global $current_user, $wp_roles, $wpdb;
|
||||||
|
|
||||||
if ($user_id != 0) {
|
if ($user_id != 0) {
|
||||||
$update = true;
|
$update = true;
|
||||||
$user->ID = $user_id;
|
$user->ID = $user_id;
|
||||||
$userdata = get_userdata($user_id);
|
$userdata = get_userdata($user_id);
|
||||||
$user->user_login = $userdata->user_login;
|
$user->user_login = $wpdb->escape($userdata->user_login);
|
||||||
} else {
|
} else {
|
||||||
$update = false;
|
$update = false;
|
||||||
$user = '';
|
$user = '';
|
||||||
|
@ -406,6 +406,9 @@ function edit_user($user_id = 0) {
|
||||||
if (!empty ($pass1))
|
if (!empty ($pass1))
|
||||||
$user->user_pass = $pass1;
|
$user->user_pass = $pass1;
|
||||||
|
|
||||||
|
if ( !validate_username($user->user_login) )
|
||||||
|
$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.');
|
||||||
|
|
||||||
if (!$update && username_exists($user->user_login))
|
if (!$update && username_exists($user->user_login))
|
||||||
$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
|
$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
|
||||||
|
|
||||||
|
|
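Review bot: The new `validate_username($user->user_login)` check in `edit_user` is not guarded by `!$update`, unlike the `username_exists` check right below it. On the update path the login is read back from `get_userdata()` and cannot be changed by the user, so an existing account whose stored login falls outside the strict character set would presumably be unable to save any profile change. The value validated there is also the output of `$wpdb->escape()`, so if escaping adds a backslash the comparison inside `validate_username` would fail on that alone. Consider `if ( !$update && !validate_username($user->user_login) )`, and escaping only where the query is built; the body of `edit_user` runs outside both hunks, so confirm how `$user->user_login` is used further down.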
|
@ -265,13 +265,18 @@ function remove_accents($string) {
|
||||||
return $string;
|
return $string;
|
||||||
}
|
}
|
||||||
|
|
||||||
function sanitize_user( $username ) {
|
function sanitize_user( $username, $strict = false ) {
|
||||||
$raw_username = $username;
|
$raw_username = $username;
|
||||||
$username = strip_tags($username);
|
$username = strip_tags($username);
|
||||||
// Kill octets
|
// Kill octets
|
||||||
$username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
|
$username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
|
||||||
$username = preg_replace('/&.+?;/', '', $username); // Kill entities
|
$username = preg_replace('/&.+?;/', '', $username); // Kill entities
|
||||||
return apply_filters('sanitize_user', $username, $raw_username);
|
|
||||||
|
// If strict, reduce to ASCII for max portability.
|
||||||
|
if ( $strict )
|
||||||
|
$username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);
|
||||||
|
|
||||||
|
return apply_filters('sanitize_user', $username, $raw_username, $strict);
|
||||||
}
|
}
|
||||||
|
|
||||||
function sanitize_title($title, $fallback_title = '') {
|
function sanitize_title($title, $fallback_title = '') {
|
||||||
|
|
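Review bot: In the strict branch of `sanitize_user`, the character class `[^a-z0-9 _.-@]` treats `.-@` as a range from `.` to `@` rather than as three literal characters. As written, strict mode keeps `/ : ; < = > ?` and strips `-`, so the ASCII whitelist lets through markup- and URL-significant characters while removing hyphens from logins. Put the hyphen last or escape it: `$username = preg_replace('|[^a-z0-9 _.@-]|i', '', $username);`. Both `validate_username` and `wp_insert_user` in this commit depend on this pattern, so a comment listing the allowed characters next to it would help, e.g. `// Strict: letters, digits, space, underscore, dot, at sign, hyphen.`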
|
@ -10,6 +10,16 @@ function username_exists( $username ) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function validate_username( $username ) {
|
||||||
|
$name = sanitize_user($username, true);
|
||||||
|
$valid = true;
|
||||||
|
|
||||||
|
if ( $name != $username )
|
||||||
|
$valid = false;
|
||||||
|
|
||||||
|
return apply_filters('validate_username', $valid, $username);
|
||||||
|
}
|
||||||
|
|
||||||
function wp_insert_user($userdata) {
|
function wp_insert_user($userdata) {
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
|
|
||||||
|
@ -24,6 +34,8 @@ function wp_insert_user($userdata) {
|
||||||
$user_pass = md5($user_pass);
|
$user_pass = md5($user_pass);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$user_login = sanitize_user($user_login, true);
|
||||||
|
|
||||||
if ( empty($user_nicename) )
|
if ( empty($user_nicename) )
|
||||||
$user_nicename = sanitize_title( $user_login );
|
$user_nicename = sanitize_title( $user_login );
|
||||||
|
|
||||||
|
|
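Review bot: `validate_username` compares with the loose operator in `if ( $name != $username )`, so two numeric-looking strings are compared as numbers instead of byte for byte. For the input `+1` the strict sanitizer returns `1`, and `'1' != '+1'` is false, so the name is reported valid even though sanitization changed it. Use `if ( $name !== $username )`. Separately, `wp_insert_user` now rewrites `$user_login` silently with `sanitize_user($user_login, true)`; a caller that ran `username_exists()` on the unsanitized value may have checked a different name than the one stored, so a short comment there telling callers to run `validate_username()` first would be worthwhile.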
|
@ -27,7 +27,10 @@ case 'register':
|
||||||
$errors['user_email'] = __('<strong>ERROR</strong>: The email address isn’t correct.');
|
$errors['user_email'] = __('<strong>ERROR</strong>: The email address isn’t correct.');
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( username_exists( $user_login ) )
|
if ( ! validate_username($user_login) )
|
||||||
|
$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.');
|
||||||
|
|
||||||
|
if ( username_exists( $user_login ) )
|
||||||
$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
|
$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
|
||||||
|
|
||||||
/* checking the email isn't already used by another user */
|
/* checking the email isn't already used by another user */
|
||||||
|
|
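Review bot: In the `register` case the new `validate_username` check and the existing `username_exists` check are two independent `if` statements that write to the same `$errors['user_login']` key. A name already known to be invalid is still passed to `username_exists()`, and if that returns a match the "invalid" message is overwritten by the "already registered" one. Chaining them keeps the lookup to validated input: `elseif ( username_exists( $user_login ) )`. How `$user_login` is populated is outside this hunk, so confirm it has not been altered by sanitization before these checks run.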