From 0cff6290509a336a12b1b8106a2cf35923fd98ea Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Thu, 12 Nov 2015 16:29:45 +0000 Subject: [PATCH] Users: After [35189], make `'illegal_user_logins'` check case-insensitive. Props juliobox. Fixes #27317. git-svn-id: https://develop.svn.wordpress.org/trunk@35629 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/includes/user.php | 4 +++- src/wp-includes/ms-functions.php | 4 +++- src/wp-includes/user-functions.php | 4 +++- tests/phpunit/tests/user.php | 17 +++++++++++++---- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/src/wp-admin/includes/user.php b/src/wp-admin/includes/user.php index 1d132b372f..bb68ad9c62 100644 --- a/src/wp-admin/includes/user.php +++ b/src/wp-admin/includes/user.php @@ -143,7 +143,9 @@ function edit_user( $user_id = 0 ) { $errors->add( 'user_login', __( 'ERROR: This username is already registered. Please choose another one.' )); /** This filter is documented in wp-includes/user-functions.php */ - if ( in_array( $user->user_login, apply_filters( 'illegal_user_logins', array() ) ) ) { + $illegal_logins = apply_filters( 'illegal_user_logins', array() ); + + if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) { $errors->add( 'illegal_user_login', __( 'ERROR: Sorry, that username is not allowed.' ) ); } diff --git a/src/wp-includes/ms-functions.php b/src/wp-includes/ms-functions.php index 62a2d4e37a..d54a838e10 100644 --- a/src/wp-includes/ms-functions.php +++ b/src/wp-includes/ms-functions.php @@ -432,7 +432,9 @@ function wpmu_validate_user_signup($user_name, $user_email) { } /** This filter is documented in wp-includes/user-functions.php */ - if ( in_array( $user_name, apply_filters( 'illegal_user_logins', array() ) ) ) { + $illegal_logins = apply_filters( 'illegal_user_logins', array() ); + + if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ) ) ) { $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) ); } diff --git a/src/wp-includes/user-functions.php b/src/wp-includes/user-functions.php index 89ee9c8574..1a71fcaaad 100644 --- a/src/wp-includes/user-functions.php +++ b/src/wp-includes/user-functions.php @@ -1328,7 +1328,9 @@ function wp_insert_user( $userdata ) { * * @param array $usernames Array of blacklisted usernames. */ - if ( in_array( $user_login, apply_filters( 'illegal_user_logins', array() ) ) ) { + $illegal_logins = apply_filters( 'illegal_user_logins', array() ); + + if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ) ) ) { return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) ); } diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php index e3525dffae..817ef067de 100644 --- a/tests/phpunit/tests/user.php +++ b/tests/phpunit/tests/user.php @@ -595,10 +595,11 @@ class Tests_User extends WP_UnitTestCase { /** * @ticket 27317 + * @dataProvider _illegal_user_logins_data */ - function test_illegal_user_logins_single() { + function test_illegal_user_logins_single( $user_login ) { $user_data = array( - 'user_login' => 'testuser', + 'user_login' => $user_login, 'user_email' => 'testuser@example.com', 'user_pass' => wp_generate_password(), ); @@ -618,14 +619,15 @@ class Tests_User extends WP_UnitTestCase { /** * @ticket 27317 + * @dataProvider _illegal_user_logins_data */ - function test_illegal_user_logins_multisite() { + function test_illegal_user_logins_multisite( $user_login ) { if ( ! is_multisite() ) { return; } $user_data = array( - 'user_login' => 'testuser', + 'user_login' => $user_login, 'user_email' => 'testuser@example.com', ); @@ -642,6 +644,13 @@ class Tests_User extends WP_UnitTestCase { $this->assertEquals( 0, count( $response['errors']->get_error_codes() ) ); } + function _illegal_user_logins_data() { + return array( + array( 'testuser' ), + array( 'TestUser' ), + ); + } + function _illegal_user_logins() { return array( 'testuser' ); }