Username sanitization cleanups.

git-svn-id: https://develop.svn.wordpress.org/trunk@3481 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren 2006-01-25 03:09:16 +00:00
parent 696afcde2e
commit a2e19bdbef
4 changed files with 28 additions and 5 deletions


@ -329,13 +329,13 @@ function add_user() {
} }
function edit_user($user_id = 0) { function edit_user($user_id = 0) {
global $current_user, $wp_roles; global $current_user, $wp_roles, $wpdb;
if ($user_id != 0) { if ($user_id != 0) {
$update = true; $update = true;
$user->ID = $user_id; $user->ID = $user_id;
$userdata = get_userdata($user_id); $userdata = get_userdata($user_id);
$user->user_login = $userdata->user_login; $user->user_login = $wpdb->escape($userdata->user_login);
} else { } else {
$update = false; $update = false;
$user = ''; $user = '';
@ -406,6 +406,9 @@ function edit_user($user_id = 0) {
if (!empty ($pass1)) if (!empty ($pass1))
$user->user_pass = $pass1; $user->user_pass = $pass1;
if ( !validate_username($user->user_login) )
$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.');
if (!$update && username_exists($user->user_login)) if (!$update && username_exists($user->user_login))
$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.'); $errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
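Review bot: The new `validate_username` check in the second hunk runs on the update path as well as on creation, while the login it validates on update is the stored `$userdata->user_login` from the first hunk rather than form input; an existing account whose login contains characters outside the new strict set would be blocked from editing with "This username is invalid" even though the login field was not changed. If that is not intended, gate it like the existence check below it: `if ( !$update && !validate_username($user->user_login) )`. The first hunk also passes the stored login through `$wpdb->escape()` at assignment time, so the string being validated is the escaped form; for logins confined to the strict class this should be a no-op, but escaping belongs where the SQL is built, not on the user object. edit_user continues outside both hunks.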


@ -265,13 +265,18 @@ function remove_accents($string) {
return $string; return $string;
} }
function sanitize_user( $username ) { function sanitize_user( $username, $strict = false ) {
$raw_username = $username; $raw_username = $username;
$username = strip_tags($username); $username = strip_tags($username);
// Kill octets // Kill octets
$username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username); $username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
$username = preg_replace('/&.+?;/', '', $username); // Kill entities $username = preg_replace('/&.+?;/', '', $username); // Kill entities
return apply_filters('sanitize_user', $username, $raw_username);
// If strict, reduce to ASCII for max portability.
if ( $strict )
$username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);
return apply_filters('sanitize_user', $username, $raw_username, $strict);
} }
function sanitize_title($title, $fallback_title = '') { function sanitize_title($title, $fallback_title = '') {
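Review bot: The strict character class on the `if ( $strict )` line, `[^a-z0-9 _.-@]`, has an unescaped hyphen between `.` and `@`, so PCRE reads it as the range `.-@` (0x2E–0x40) rather than three literal characters; `/`, `:`, `;`, `<`, `=`, `>` and `?` therefore survive strict sanitization, which undercuts the ASCII-portability comment and is exactly the guarantee `validate_username` relies on. Escape the hyphen or move it to the end of the class: `$username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);`. The `i` modifier already covers upper case, so the class is otherwise as intended. Since `$strict` is also a new argument on the `sanitize_user` filter call, a docblock line stating that strict mode reduces the name to `a-z0-9`, space, `_`, `.`, `-` and `@` would help filter authors.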


@ -10,6 +10,16 @@ function username_exists( $username ) {
return null; return null;
} }
function validate_username( $username ) {
$name = sanitize_user($username, true);
$valid = true;
if ( $name != $username )
$valid = false;
return apply_filters('validate_username', $valid, $username);
}
function wp_insert_user($userdata) { function wp_insert_user($userdata) {
global $wpdb; global $wpdb;
@ -24,6 +34,8 @@ function wp_insert_user($userdata) {
$user_pass = md5($user_pass); $user_pass = md5($user_pass);
} }
$user_login = sanitize_user($user_login, true);
if ( empty($user_nicename) ) if ( empty($user_nicename) )
$user_nicename = sanitize_title( $user_login ); $user_nicename = sanitize_title( $user_login );
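Review bot: `validate_username` in the first hunk compares with loose `!=` and accepts the empty string, because `sanitize_user('', true)` returns `''`, so a login stripped to nothing is reported as valid; use strict comparison and reject an empty result: `$valid = ( $name === $username && $name !== '' );` — unless every caller checks emptiness separately, which is not visible here. In the second hunk `wp_insert_user` now strictly sanitizes `$user_login` before use, so a caller that skipped `validate_username` gets a silently altered, possibly empty, login; the rest of that function is outside the hunk, so whether an emptiness check follows cannot be confirmed. A one-line docblock on `validate_username` saying it passes only logins left unchanged by `sanitize_user( $username, true )` would make the contract explicit.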


@ -27,6 +27,9 @@ case 'register':
$errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'); $errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.');
} }
if ( ! validate_username($user_login) )
$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.');
if ( username_exists( $user_login ) ) if ( username_exists( $user_login ) )
$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.'); $errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
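Review bot: Both checks assign to the same `$errors['user_login']` key, so for a name that is invalid and also already registered the second message silently overwrites the first and the user is told only that the name is taken; make the existence check `elseif ( username_exists( $user_login ) )` so the more actionable "invalid" message wins. The same overwrite occurs in the `edit_user` hunk. The enclosing `case 'register':` block starts and ends outside the hunk.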