sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Users: Add 'illegal_user_logins' filter to allow certain usernames to be blacklisted.

Browse Source 
Props danielbachhuber, chriscct7, crazycoolcam, SergeyBiryukov.
Fixes #27317.

git-svn-id: https://develop.svn.wordpress.org/trunk@35189 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2015-10-15 05:42:05 +00:00
parent 742082c042
commit e675e2ccf0
4 changed files with 78 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/wp-admin/includes/user.php
View File

@ -142,6 +142,12 @@ function edit_user( $user_id = 0 ) {
if ( !$update && username_exists( $user->user_login ) ) if ( !$update && username_exists( $user->user_login ) )
$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' )); $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
/** This filter is documented in wp-includes/user-functions.php */
$usernames = apply_filters( 'illegal_user_logins', array() );
if ( in_array( $user->user_login, $usernames ) ) {
$errors->add( 'illegal_user_login', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
}
/* checking email address */ /* checking email address */
if ( empty( $user->user_email ) ) { if ( empty( $user->user_email ) ) {
$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an email address.' ), array( 'form-field' => 'email' ) ); $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an email address.' ), array( 'form-field' => 'email' ) );

10
src/wp-includes/ms-functions.php
View File

@ -427,8 +427,14 @@ function wpmu_validate_user_signup($user_name, $user_email) {
$illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' );
add_site_option( 'illegal_names', $illegal_names ); add_site_option( 'illegal_names', $illegal_names );
} }
if ( in_array( $user_name, $illegal_names ) ) if ( in_array( $user_name, $illegal_names ) ) {
$errors->add('user_name', __( 'That username is not allowed.' ) ); $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
}
/** This filter is documented in wp-includes/user-functions.php */
if ( in_array( $user_name, apply_filters( 'illegal_user_logins', array() ) ) ) {
$errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
}
if ( is_email_address_unsafe( $user_email ) ) if ( is_email_address_unsafe( $user_email ) )
$errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.')); $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));

11
src/wp-includes/user-functions.php
View File

@ -1315,6 +1315,17 @@ function wp_insert_user( $userdata ) {
return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) ); return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
} }
/**
* Filter the list of blacklisted usernames.
*
* @since 4.4.0
*
* @param array $usernames Array of blacklisted usernames.
*/
if ( in_array( $user_login, apply_filters( 'illegal_user_logins', array() ) ) ) {
return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) );
}
/* /*
* If a nicename is provided, remove unsafe user characters before using it. * If a nicename is provided, remove unsafe user characters before using it.
* Otherwise build a nicename from the user_login. * Otherwise build a nicename from the user_login.

53
tests/phpunit/tests/user.php
View File

@ -602,6 +602,59 @@ class Tests_User extends WP_UnitTestCase {
} }
} }
/**
* @ticket 27317
*/
function test_illegal_user_logins_single() {
$user_data = array(
'user_login' => 'testuser',
'user_email' => 'testuser@example.com',
'user_pass' => wp_generate_password(),
);
add_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
$response = wp_insert_user( $user_data );
$this->assertInstanceOf( 'WP_Error', $response );
$this->assertEquals( 'illegal_user_login', $response->get_error_code() );
remove_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
$user_id = wp_insert_user( $user_data );
$user = get_user_by( 'id', $user_id );
$this->assertInstanceOf( 'WP_User', $user );
}
/**
* @ticket 27317
*/
function test_illegal_user_logins_multisite() {
if ( ! is_multisite() ) {
return;
}
$user_data = array(
'user_login' => 'testuser',
'user_email' => 'testuser@example.com',
);
add_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
$response = wpmu_validate_user_signup( $user_data['user_login'], $user_data['user_email'] );
$this->assertInstanceOf( 'WP_Error', $response['errors'] );
$this->assertEquals( 'user_name', $response['errors']->get_error_code() );
remove_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
$response = wpmu_validate_user_signup( $user_data['user_login'], $user_data['user_email'] );
$this->assertInstanceOf( 'WP_Error', $response['errors'] );
$this->assertEquals( 0, count( $response['errors']->get_error_codes() ) );
}
function _illegal_user_logins() {
return array( 'testuser' );
}
/** /**
* @ticket 24618 * @ticket 24618
*/ */