Wordpress

History

Boone Gorges 0adb6877b2 Improve validation of `user_login` and `user_nicename` length. The `user_login` field only allows 60 characters, and `user_nicename` allows 50. However, there are no protections in the interface, and few in the code, that prevent the creation of users with values in excess of these limits. Prior to recent changes in `$wpdb`, users were generally created anyway, MySQL having performed the necessary truncation. More recently, the `INSERT`s and `UPDATE`s simply fail, with no real feedback on the nature of the failure. This changeset addresses the issue in a number of ways: * On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length. * In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length. * In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc). Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges. Fixes #33793. git-svn-id: https://develop.svn.wordpress.org/trunk@34218 602fd350-edb4-49c9-b593-d223f7449a82	2015-09-15 22:13:51 +00:00
..
phpunit	Improve validation of `user_login` and `user_nicename` length.	2015-09-15 22:13:51 +00:00
qunit	TinyMCE: update to 4.2.5, changelog: http://www.tinymce.com/develop/changelog/?ctrl=version&act=index&pr_id=1 .	2015-09-09 19:44:09 +00:00

Boone Gorges 0adb6877b2 Improve validation of user_login and user_nicename length.

The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.

This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).

Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes #33793.

git-svn-id: https://develop.svn.wordpress.org/trunk@34218 602fd350-edb4-49c9-b593-d223f7449a82

2015-09-15 22:13:51 +00:00

phpunit Improve validation of user_login and user_nicename length. 2015-09-15 22:13:51 +00:00

qunit TinyMCE: update to 4.2.5, changelog: http://www.tinymce.com/develop/changelog/?ctrl=version&act=index&pr_id=1 . 2015-09-09 19:44:09 +00:00