Changeset 3481

Timestamp:
01/25/06 03:09:16 (3 years ago)
Author:
ryan
Message:

Username sanitization cleanups.

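--- a/trunk/wp-admin/admin-functions.php
+++ b/trunk/wp-admin/admin-functions.php
@@ -330,5 +330,5 @@
 
 function edit_user($user_id = 0) {
-    global $current_user, $wp_roles
+    global $current_user, $wp_roles, $wpdb
 
     if ($user_id != 0) {
@@ -336,5 +336,5 @@
         $user->ID = $user_id;
         $userdata = get_userdata($user_id);
-        $user->user_login = $userdata->user_login
+        $user->user_login = $wpdb->escape($userdata->user_login)
     } else {
         $update = false;
@@ -406,4 +406,7 @@
     if (!empty ($pass1))
         $user->user_pass = $pass1;
+
+    if ( !validate_username($user->user_login) )
+        $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
 
     if (!$update && username_exists($user->user_login))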
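Review bot: The new `validate_username()` check at new lines 409-410 runs on updates as well as on new users, unlike the `username_exists()` check right below it, which is guarded by `!$update`. On an update the login comes from `get_userdata()`, so an existing account whose stored login does not survive strict sanitization would presumably get "This username is invalid" on every profile save, with no way to correct it. I would guard it the same way: `if ( !$update && !validate_username($user->user_login) )`. The update branch also validates the output of `$wpdb->escape()`, so the login is checked in its escaped form rather than its raw form. `edit_user()` starts and ends outside the visible hunks, so the new-user branch could not be checked.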
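--- a/trunk/wp-includes/functions-formatting.php
+++ b/trunk/wp-includes/functions-formatting.php
@@ -266,5 +266,5 @@
 }
 
-function sanitize_user( $username ) {
+function sanitize_user( $username, $strict = false ) {
     $raw_username = $username;
     $username = strip_tags($username);
@@ -272,5 +272,10 @@
     $username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
     $username = preg_replace('/&.+?;/', '', $username); // Kill entities
-    return apply_filters('sanitize_user', $username, $raw_username);
+
+    // If strict, reduce to ASCII for max portability.
+    if ( $strict )
+        $username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);
+
+    return apply_filters('sanitize_user', $username, $raw_username, $strict);
 }
 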
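Review bot: In the strict branch, the character class `[^a-z0-9 _.-@]` treats `.-@` as a range from `.` to `@`, not as three literal characters. That range covers `/`, `:`, `;`, `<`, `=`, `>` and `?`, so strict mode keeps them, while a literal `-` falls outside the class and is stripped. Escape the hyphen or move it to the end of the class: `$username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);`. Since `validate_username()` depends on this pattern to decide what counts as a valid login, a short comment listing the intended allowed characters would make the next slip easier to spot.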
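--- a/trunk/wp-includes/registration-functions.php
+++ b/trunk/wp-includes/registration-functions.php
@@ -9,4 +9,14 @@
 
     return null;
+}
+
+function validate_username( $username ) {
+    $name = sanitize_user($username, true);
+    $valid = true;
+
+    if ( $name != $username )
+        $valid = false;
+
+    return apply_filters('validate_username', $valid, $username);
 }
 
@@ -25,4 +35,6 @@
     }
     
+    $user_login = sanitize_user($user_login, true);
+
     if ( empty($user_nicename) )
         $user_nicename = sanitize_title( $user_login );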
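Review bot: `validate_username()` compares with `!=`, which compares numeric-looking strings by value, so an input such as `+1` equals its sanitized form `1` and is reported valid even though strict sanitization changed it. Use the identity operator: `if ( $name !== $username )`. This matters because the second hunk stores `sanitize_user($user_login, true)` without telling the caller, so a caller that checked `username_exists()` against the unsanitized name could end up inserting a login that collides with an existing one. The function containing the second hunk starts outside it, so whether uniqueness is rechecked after sanitizing is not visible here.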
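--- a/trunk/wp-register.php
+++ b/trunk/wp-register.php
@@ -28,5 +28,8 @@
     }
 
-  if ( username_exists( $user_login ) )
+    if ( ! validate_username($user_login) )
+        $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
+
+    if ( username_exists( $user_login ) )
         $errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
 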
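Review bot: Both checks write `$errors['user_login']`, and the `username_exists()` lookup at new line 33 still runs with a name that has just failed validation. For an invalid name the second check can only replace the more useful message with "already registered". Chain them so the lookup is skipped once validation fails: `elseif ( username_exists( $user_login ) )`. The surrounding registration code is outside the hunk, so how `$user_login` is prepared before these checks could not be verified.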