Ticket #1626 (assigned defect)

Opened 3 years ago

Last modified 4 months ago

user_nicename should be unique

Reported by: claudem Assigned to: pishmishy (accepted)
Priority: normal Milestone: 2.9
Component: General Version: 1.5.1.2
Severity: normal Keywords: has-patch needs-testing dev-feedback
Cc: claudem, charleshooper

Description

When registering new users, WP should check that the sanitized version of the username (user_nicename) is unique in the DB. If this check is not made, we can end up with two different users sharing the same user_nicename.

This is a problem if the permalinks are built with author names (/%author%/...). There is potential for ambiguity in this situation if two username result in the same niice name.

Example: "user-1" and "user 1" both get the same nice name: "user-1".

I recommend to make the user_nicename column unique, like user_login.

Attachments

wp_check_nicename.diff (3.5 kB) - added by charleshooper on 02/02/07 22:11:28.
Adds user_nicename checks to WP
wp_check_nicename2.diff (3.5 kB) - added by charleshooper on 02/02/07 22:15:32.
Adds user_nicename checks to WP, with caching
1626.patch (2.0 kB) - added by pishmishy on 02/13/08 15:44:37.
Modifies username_exists() and adds get_user_by_nicename()

Change History

08/27/05 02:08:57 changed by claudem

  • cc set to claude@montpetit.net.

08/27/05 03:17:22 changed by claudem

Of course, there is an issue for ugrades: if there are already duplicate nicenames in wp-users, the script that adds the unique constraint will fail. Therefore, this request may be a documented issue that administrator can enforce by adding a constraint to the users table.

08/29/05 20:12:23 changed by markjaquith

That would mean that nicknames have to be unique (well, more than unique). You can't have someone with a nickname of "User" and someone with a nickname of "user" or someone with a nickname of "This User" and somone with a nickname of "this-user"

Maybe it should just work that when you update your profile, it won't let you choose an existing sanitized nickname. Place that already have it will have problems, and they'll be able to fix them the next time they edit their profiles.

08/30/05 21:10:29 changed by markjaquith

we also might consider that having the permalink be based on something that can be changed on a whim isn't really such a good idea. These links are far from "perma." Using a sanitized login would be better.

08/31/05 00:19:04 changed by claudem

Just to be sure we are understanding each other, I was in fact talking about "nice" name. Not "nick" name. The nicename is not editable and it is the sanitized version of the username.

Thus, this field could be used as a permalink since it cannot change over time. We only have to be sure it is unique.

10/04/06 00:40:37 changed by Nazgul

  • keywords set to needs-patch.
  • milestone set to 2.1.

11/18/06 06:08:01 changed by matt

  • milestone changed from 2.1 to 2.2.

02/01/07 18:47:42 changed by charleshooper

  • cc changed from claude@montpetit.net to claude@montpetit.net, charleshooper.

02/02/07 01:28:19 changed by charleshooper

  • keywords changed from needs-patch to has-patch needs-testing 2nd-opninion.
  • owner changed from anonymous to charleshooper.
  • version changed from 1.5.1.2 to 2.1.
  • status changed from new to assigned.

I've added a patch for 2.1 to fix this. The patch adds a nicename_exists() function, which relies on another function I just added: get_userdatabynicename(). This function works the exact same way as get_userdatabylogin() however it checks user_nicename, which is always derived from sanitize_title ( user_login ) .

get_userdatabynicename() does not currently use any caching. I could change that, but I think that is better suited for 2.2 where caching has been fixed up a bit.

02/02/07 04:54:03 changed by foolswisdom

  • version changed from 2.1 to 1.5.1.2.

Don't update the version, that is the version where it was first reported against. Not that it often matters.

02/02/07 21:49:46 changed by charleshooper

Whoops, my bad.

Should the database schema also be modified to create a UNIQUE index on wp_users.user_nicename?

02/02/07 22:11:28 changed by charleshooper

  • attachment wp_check_nicename.diff added.

Adds user_nicename checks to WP

02/02/07 22:15:32 changed by charleshooper

  • attachment wp_check_nicename2.diff added.

Adds user_nicename checks to WP, with caching

02/02/07 22:17:34 changed by charleshooper

For whatever reason my new patch wasn't getting posted (or maybe it was just cached) whenever I tried to upload it with the same filename, so I posted the one labeled wp_check_nicename2.diff, ignore the first one please, I made an error.

03/13/07 04:25:16 changed by johnbillion

#3965 has been marked a duplicate of this bug.

03/27/07 19:53:50 changed by foolswisdom

  • milestone changed from 2.2 to 2.3.

09/11/07 19:15:33 changed by westi

  • keywords changed from has-patch needs-testing 2nd-opninion to needs-testing 2nd-opninion.

Current patch does not apply cleanly - removing has-patch

If we are to do the validation of user_nicename it should be done in wp_insert_user I think we a check against the cache/db in there.

09/11/07 22:52:53 changed by ryan

  • milestone changed from 2.3 to 2.4 (next).

01/06/08 15:28:59 changed by hansengel

  • keywords changed from needs-testing 2nd-opninion to needs-testing 2nd-opinion.

02/13/08 15:15:09 changed by pishmishy

  • keywords changed from needs-testing 2nd-opinion to needs-patch.
  • owner changed from charleshooper to pishmishy.
  • status changed from assigned to new.

I think we could use the pre_user_nicename filter to check for uniqueness.

02/13/08 15:15:14 changed by pishmishy

  • status changed from new to assigned.

02/13/08 15:42:04 changed by pishmishy

  • keywords changed from needs-patch to has-patch needs-testing dev-feedback.

We don't use the pre_user_nicename filter, just modify username_exists() to make sure another user doesn't have the same nicename. Adds a function to retrieve user data based on nicename.

I'm not entirely sure how this would effect upgrades to an installation where nice-names are already conflicting, so tagged as needs-testing and dev-feedback.

02/13/08 15:44:37 changed by pishmishy

  • attachment 1626.patch added.

Modifies username_exists() and adds get_user_by_nicename()

05/06/08 10:01:13 changed by pishmishy

I'm almost tempted to close this one. A solution has been offered up but there doesn't appear to be too many people calling for it.

05/06/08 14:53:47 changed by claudem

  • cc changed from claude@montpetit.net, charleshooper to claudem, charleshooper.