diff --git a/src/wp-admin/includes/user.php b/src/wp-admin/includes/user.php
index 1d132b372f..bb68ad9c62 100644
--- a/src/wp-admin/includes/user.php
+++ b/src/wp-admin/includes/user.php
@@ -143,7 +143,9 @@ function edit_user( $user_id = 0 ) {
$errors->add( 'user_login', __( 'ERROR: This username is already registered. Please choose another one.' ));
/** This filter is documented in wp-includes/user-functions.php */
- if ( in_array( $user->user_login, apply_filters( 'illegal_user_logins', array() ) ) ) {
+ $illegal_logins = apply_filters( 'illegal_user_logins', array() );
+
+ if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
$errors->add( 'illegal_user_login', __( 'ERROR: Sorry, that username is not allowed.' ) );
}
diff --git a/src/wp-includes/ms-functions.php b/src/wp-includes/ms-functions.php
index 62a2d4e37a..d54a838e10 100644
--- a/src/wp-includes/ms-functions.php
+++ b/src/wp-includes/ms-functions.php
@@ -432,7 +432,9 @@ function wpmu_validate_user_signup($user_name, $user_email) {
}
/** This filter is documented in wp-includes/user-functions.php */
- if ( in_array( $user_name, apply_filters( 'illegal_user_logins', array() ) ) ) {
+ $illegal_logins = apply_filters( 'illegal_user_logins', array() );
+
+ if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ) ) ) {
$errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
}
diff --git a/src/wp-includes/user-functions.php b/src/wp-includes/user-functions.php
index 89ee9c8574..1a71fcaaad 100644
--- a/src/wp-includes/user-functions.php
+++ b/src/wp-includes/user-functions.php
@@ -1328,7 +1328,9 @@ function wp_insert_user( $userdata ) {
*
* @param array $usernames Array of blacklisted usernames.
*/
- if ( in_array( $user_login, apply_filters( 'illegal_user_logins', array() ) ) ) {
+ $illegal_logins = apply_filters( 'illegal_user_logins', array() );
+
+ if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) );
}
diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php
index e3525dffae..817ef067de 100644
--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
@@ -595,10 +595,11 @@ class Tests_User extends WP_UnitTestCase {
/**
* @ticket 27317
+ * @dataProvider _illegal_user_logins_data
*/
- function test_illegal_user_logins_single() {
+ function test_illegal_user_logins_single( $user_login ) {
$user_data = array(
- 'user_login' => 'testuser',
+ 'user_login' => $user_login,
'user_email' => 'testuser@example.com',
'user_pass' => wp_generate_password(),
);
@@ -618,14 +619,15 @@ class Tests_User extends WP_UnitTestCase {
/**
* @ticket 27317
+ * @dataProvider _illegal_user_logins_data
*/
- function test_illegal_user_logins_multisite() {
+ function test_illegal_user_logins_multisite( $user_login ) {
if ( ! is_multisite() ) {
return;
}
$user_data = array(
- 'user_login' => 'testuser',
+ 'user_login' => $user_login,
'user_email' => 'testuser@example.com',
);
@@ -642,6 +644,13 @@ class Tests_User extends WP_UnitTestCase {
$this->assertEquals( 0, count( $response['errors']->get_error_codes() ) );
}
+ function _illegal_user_logins_data() {
+ return array(
+ array( 'testuser' ),
+ array( 'TestUser' ),
+ );
+ }
+
function _illegal_user_logins() {
return array( 'testuser' );
}