From b5ed00dc825e1212c02aead0fc717412916de611 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Fri, 29 Nov 2019 22:02:30 +0000 Subject: [PATCH] REST API: Use strict `in_array()` checks for the list of usernames blacklisted via `illegal_user_logins` filter. See #48839. git-svn-id: https://develop.svn.wordpress.org/trunk@46804 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/includes/user.php | 2 +- src/wp-includes/ms-functions.php | 2 +- .../rest-api/endpoints/class-wp-rest-users-controller.php | 2 +- src/wp-includes/user.php | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/wp-admin/includes/user.php b/src/wp-admin/includes/user.php index 20fbcd851f..8f40723e67 100644 --- a/src/wp-admin/includes/user.php +++ b/src/wp-admin/includes/user.php @@ -193,7 +193,7 @@ function edit_user( $user_id = 0 ) { /** This filter is documented in wp-includes/user.php */ $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); - if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) { + if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ), true ) ) { $errors->add( 'invalid_username', __( 'ERROR: Sorry, that username is not allowed.' ) ); } diff --git a/src/wp-includes/ms-functions.php b/src/wp-includes/ms-functions.php index 94418ad350..43325c0cac 100644 --- a/src/wp-includes/ms-functions.php +++ b/src/wp-includes/ms-functions.php @@ -488,7 +488,7 @@ function wpmu_validate_user_signup( $user_name, $user_email ) { /** This filter is documented in wp-includes/user.php */ $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); - if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ) ) ) { + if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ), true ) ) { $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) ); } diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php index dacc327b0e..652f4ead76 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php @@ -1137,7 +1137,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller { /** This filter is documented in wp-includes/user.php */ $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); - if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ) ) ) { + if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ), true ) ) { return new WP_Error( 'rest_user_invalid_username', __( 'Sorry, that username is not allowed.' ), array( 'status' => 400 ) ); } diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php index f6b60db913..fd03e6994e 100644 --- a/src/wp-includes/user.php +++ b/src/wp-includes/user.php @@ -1584,7 +1584,7 @@ function wp_insert_user( $userdata ) { */ $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); - if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ) ) ) { + if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ), true ) ) { return new WP_Error( 'invalid_username', __( 'Sorry, that username is not allowed.' ) ); } @@ -2503,7 +2503,7 @@ function register_new_user( $user_login, $user_email ) { } else { /** This filter is documented in wp-includes/user.php */ $illegal_user_logins = (array) apply_filters( 'illegal_user_logins', array() ); - if ( in_array( strtolower( $sanitized_user_login ), array_map( 'strtolower', $illegal_user_logins ) ) ) { + if ( in_array( strtolower( $sanitized_user_login ), array_map( 'strtolower', $illegal_user_logins ), true ) ) { $errors->add( 'invalid_username', __( 'ERROR: Sorry, that username is not allowed.' ) ); } }