From d1e7e7e9b7f9a1788adb8a0ab7fe948b03adc4e5 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Wed, 18 Jan 2006 05:37:26 +0000
Subject: [PATCH] sanitize_user() fixes.

git-svn-id: https://develop.svn.wordpress.org/trunk@3454 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/functions-formatting.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/wp-includes/functions-formatting.php b/wp-includes/functions-formatting.php
index 255b6ccc23..274d7e6db1 100644
--- a/wp-includes/functions-formatting.php
+++ b/wp-includes/functions-formatting.php
@@ -266,7 +266,12 @@ function remove_accents($string) {
 }
 
 function sanitize_user( $username ) {
- return preg_replace('|a-z0-9 _.-|i', '', $username);
+ $raw_username = $username;
+ $username = strip_tags($username);
+ // Kill octets
+ $username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
+ $username = preg_replace('/&.+?;/', '', $username); // Kill entities
+ return apply_filters('sanitize_user', $username, $raw_username);
 }
 
 function sanitize_title($title, $fallback_title = '') {
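Review bot: The new body of sanitize_user() is a denylist applied in a single pass, so the value passed to the `sanitize_user` filter can still contain quotes, control characters or a stray `>`, and a percent-octet or entity can remain if it only forms once an earlier match has been removed. The removed pattern failed because it lacked a character class; restoring it as an allowlist after the entity line, `$username = preg_replace('|[^a-z0-9 _.-]|i', '', $username);`, would close both gaps. If wider character sets are meant to be accepted, the function should at least carry a comment such as `// Result is NOT escaped for HTML or SQL; callers must escape per output context.` Separately, `/&.+?;/` deletes any ordinary text between an ampersand and the next semicolon, and a narrower pattern such as `/&#?\w+;/` would limit the removal to entity-shaped tokens.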