From 3114dfddce7b31600a2f7eb084de0176c378e9d0 Mon Sep 17 00:00:00 2001 From: Andrew Nacin Date: Wed, 28 Apr 2010 02:20:32 +0000 Subject: [PATCH] Poka yoke for username sanitization during install. see #13159. git-svn-id: https://develop.svn.wordpress.org/trunk@14265 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/install.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wp-admin/install.php b/wp-admin/install.php index 93a9148071..4eeb6aff5d 100644 --- a/wp-admin/install.php +++ b/wp-admin/install.php @@ -193,6 +193,9 @@ switch($step) { // TODO: poka-yoke display_setup_form( __('you must provide a valid username.') ); $error = true; + } elseif ( $user_name != sanitize_user( $user_name, true ) ) { + display_setup_form( __('the username you provided has invalid characters.') ); + $error = true; } elseif ( $admin_password != $admin_password_check ) { // TODO: poka-yoke display_setup_form( __( 'your passwords do not match. Please try again' ) );