Login and Registration: Allow email logins to be more flexible.

Allows a login to have an apostorphe. Which would normally be created as a mistake, but this allows the login to happen. Fixes #38744 Props wpkuf, desrosj, socalchristina, bibliofille, santilinwp, nsubugak, sncoker, cafenoirdesign, whyisjake. git-svn-id: https://develop.svn.wordpress.org/trunk@46640 602fd350-edb4-49c9-b593-d223f7449a82
2019-11-03 20:10:23 +00:00 · 2019-11-03 20:10:23 +00:00 · 84c794ba41
commit 84c794ba41
parent 9d88dbac58
4 changed files with 38 additions and 4 deletions
--- a/src/wp-admin/includes/user.php
+++ b/src/wp-admin/includes/user.php
@ -41,7 +41,7 @@ function edit_user( $user_id = 0 ) {
 	}

 	if ( ! $update && isset( $_POST['user_login'] ) ) {
-		$user->user_login = sanitize_user( $_POST['user_login'], true );
+		$user->user_login = sanitize_user( wp_unslash( $_POST['user_login'] ), true );
 	}

 	$pass1 = '';
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@ -35,7 +35,7 @@ function wp_signon( $credentials = array(), $secure_cookie = '' ) {
 		$credentials = array(); // Back-compat for plugins passing an empty string.

 		if ( ! empty( $_POST['log'] ) ) {
-			$credentials['user_login'] = $_POST['log'];
+			$credentials['user_login'] = wp_unslash( $_POST['log'] );
 		}
 		if ( ! empty( $_POST['pwd'] ) ) {
 			$credentials['user_password'] = $_POST['pwd'];
--- a/src/wp-login.php
+++ b/src/wp-login.php
@ -1032,7 +1032,7 @@ switch ( $action ) {

 		if ( $http_post ) {
 			if ( isset( $_POST['user_login'] ) && is_string( $_POST['user_login'] ) ) {
-				$user_login = $_POST['user_login'];
+				$user_login = wp_unslash( $_POST['user_login'] );
 			}

 			if ( isset( $_POST['user_email'] ) && is_string( $_POST['user_email'] ) ) {
@ -1150,7 +1150,7 @@ switch ( $action ) {

 		// If the user wants SSL but the session is not SSL, force a secure cookie.
 		if ( ! empty( $_POST['log'] ) && ! force_ssl_admin() ) {
-			$user_name = sanitize_user( $_POST['log'] );
+			$user_name = sanitize_user( wp_unslash( $_POST['log'] ) );
 			$user      = get_user_by( 'login', $user_name );

 			if ( ! $user && strpos( $user_name, '@' ) ) {
--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
@ -35,6 +35,22 @@ class Tests_User extends WP_UnitTestCase {
 		);
 		self::$user_ids[] = self::$contrib_id;

+		self::$user_ids[] = $factory->user->create(
+			array(
+				'user_login'    => "testemailaddress'@test.com",
+				'user_nicename' => 'user_email_with_apostrophe',
+				'user_pass'     => 'password',
+				'first_name'    => 'John',
+				'last_name'     => 'Doe',
+				'display_name'  => 'John Doe',
+				'user_email'    => "testemailaddress'@test.com",
+				'user_url'      => 'http://tacos.com',
+				'role'          => 'contributor',
+				'nickname'      => 'Johnny',
+				'description'   => 'I am a WordPress user that cares about privacy.',
+			)
+		);
+
 		self::$author_id  = $factory->user->create(
 			array(
 				'user_login' => 'author_login',
@ -65,6 +81,24 @@ class Tests_User extends WP_UnitTestCase {
 		$this->author = clone self::$_author;
 	}

+	public function test_that_you_can_login_with_an_email_that_has_apostrophe() {
+
+		//create the user with an email that has an apostrophe (see test setup)
+
+		//login as the user
+		$credentials = [
+			'user_login'    => "testemailaddress'@test.com",
+			'user_password' => 'password',
+		];
+
+		//attempt to login
+		$user = wp_signon( $credentials );
+
+		//assert that login was successfull
+		//if the login fails, an instance of WP_Error is returned rather than User object
+		$this->assertNotWPError( $user );
+	}
+
 	function test_get_users_of_blog() {
 		// add one of each user role
 		$nusers = array(