Users: Empty sanitized usernames should be considered invalid when passed through validate_username().

Adds tests.

Props gwinhlopez for the initial patch.
Props mordauk, chriscct7.
Fixes #24618.


git-svn-id: https://develop.svn.wordpress.org/trunk@34856 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/user-functions.php

@@ -1176,13 +1176,15 @@ function email_exists( $email ) {
  * Checks whether a username is valid.
  *
  * @since 2.0.1
+ * @since 4.4.0 Empty sanitized usernames are now considered invalid
  *
  * @param string $username Username.
  * @return bool Whether username given is valid
  */
 function validate_username( $username ) {
 	$sanitized = sanitize_user( $username, true );
-	$valid = ( $sanitized == $username );
+	$valid = ( $sanitized == $username && ! empty( $sanitized ) );
+
 	/**
 	 * Filter whether the provided username is valid or not.
 	 *

tests/phpunit/tests/user.php

@@ -599,6 +599,29 @@ class Tests_User extends WP_UnitTestCase {
 		}
 	}
 
+	/**
+	 * @ticket 24618
+	 */
+	public function test_validate_username_string() {
+		$this->assertTrue( validate_username( rand_str() ) );
+		$this->assertTrue( validate_username( 'JohnDoe' ) );
+		$this->assertTrue( validate_username( 'test@test.com' ) );
+	}
+
+	/**
+	 * @ticket 24618
+	 */
+	public function test_validate_username_empty() {
+		$this->assertFalse( validate_username( '' ) );
+	}
+
+	/**
+	 * @ticket 24618
+	 */
+	public function test_validate_username_invalid() {
+		$this->assertFalse( validate_username( '@#&99sd' ) );
+	}
+
 	/**
 	 * @ticket 29696
 	 */