From a1f89f4e86c9963e3ee6e87723fcba63bd13df97 Mon Sep 17 00:00:00 2001
From: Boone Gorges <boonebgorges@git.wordpress.org>
Date: Fri, 4 Dec 2015 23:24:56 +0000
Subject: [PATCH] Use 'invalid_username' error code when tripping
 'illegal_user_logins'.

This gives us better compatibility with existing errors thrown by
`sanitize_user()`, especially in Multisite, where user_login has more
restrictions on allowed characters.

Props markjaquith.
Fixes #27317.

git-svn-id: https://develop.svn.wordpress.org/trunk@35772 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/user.php |  2 +-
 src/wp-includes/user.php       |  9 ++++++++-
 tests/phpunit/tests/user.php   | 33 +++++++++++++++++++++++++++++----
 3 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/src/wp-admin/includes/user.php b/src/wp-admin/includes/user.php
index 3d37bdf579..005266860a 100644
--- a/src/wp-admin/includes/user.php
+++ b/src/wp-admin/includes/user.php
@@ -146,7 +146,7 @@ function edit_user( $user_id = 0 ) {
 	$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 
 	if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
-		$errors->add( 'illegal_user_login', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
+		$errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
 	}
 
 	/* checking email address */
diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
index 0abe79e7d2..45da472f12 100644
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -1331,7 +1331,7 @@ function wp_insert_user( $userdata ) {
 	$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 
 	if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
-		return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) );
+		return new WP_Error( 'invalid_username', __( 'Sorry, that username is not allowed.' ) );
 	}
 
 	/*
@@ -2124,6 +2124,13 @@ function register_new_user( $user_login, $user_email ) {
 		$sanitized_user_login = '';
 	} elseif ( username_exists( $sanitized_user_login ) ) {
 		$errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
+
+	} else {
+		/** This filter is documented in wp-includes/user.php */
+		$illegal_user_logins = array_map( 'strtolower', (array) apply_filters( 'illegal_user_logins', array() ) );
+		if ( in_array( strtolower( $sanitized_user_login ), $illegal_user_logins ) ) {
+			$errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
+		}
 	}
 
 	// Check the email address
diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php
index 3644ffcb79..c55fa6d347 100644
--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
@@ -622,7 +622,7 @@ class Tests_User extends WP_UnitTestCase {
 
 		$response = wp_insert_user( $user_data );
 		$this->assertInstanceOf( 'WP_Error', $response );
-		$this->assertEquals( 'illegal_user_login', $response->get_error_code() );
+		$this->assertEquals( 'invalid_username', $response->get_error_code() );
 
 		remove_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
 
@@ -631,6 +631,26 @@ class Tests_User extends WP_UnitTestCase {
 		$this->assertInstanceOf( 'WP_User', $user );
 	}
 
+	/**
+	 * @ticket 27317
+	 * @dataProvider _illegal_user_logins_data
+	 */
+	function test_illegal_user_logins_single_wp_create_user( $user_login ) {
+		$user_email = 'testuser-' . $user_login . '@example.com';
+
+		add_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
+
+		$response = register_new_user( $user_login, $user_email );
+		$this->assertInstanceOf( 'WP_Error', $response );
+		$this->assertEquals( 'invalid_username', $response->get_error_code() );
+
+		remove_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
+
+		$response = register_new_user( $user_login, $user_email );
+		$user = get_user_by( 'id', $response );
+		$this->assertInstanceOf( 'WP_User', $user );
+	}
+
 	/**
 	 * @ticket 27317
 	 */
@@ -658,10 +678,15 @@ class Tests_User extends WP_UnitTestCase {
 	}
 
 	function _illegal_user_logins_data() {
-		return array(
-			array( 'testuser' ),
-			array( 'TestUser' ),
+		$data = array(
+			array( 'testuser' )
 		);
+
+		// Multisite doesn't allow mixed case logins ever
+		if ( ! is_multisite() ) {
+			$data[] = array( 'TestUser' );
+		}
+		return $data;
 	}
 
 	function _illegal_user_logins() {