Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-27 06:42:56 +02:00
Code Issues Projects Releases Wiki Activity

Login and Registration: prevent registering with username that matches previous user email.

Browse Source 
When registering a new user, check that no existing user has an email matching the username.

Prevents a login name collision when one user registers with the email address user@test.com and a second user tries to register with the username user@test.com.

Props buutqn, dunhakdis, roytanck, ajayver.
Fixes #57394.


Built from https://develop.svn.wordpress.org/trunk@55358


git-svn-id: http://core.svn.wordpress.org/trunk@54891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Adam Silverstein 2023-02-17 08:10:22 +00:00
parent f0789b6423
commit 1b873c8a19
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
wp-includes/user.php
View File

@ -2123,10 +2123,16 @@ function wp_insert_user( $userdata ) {
return new WP_Error( 'user_login_too_long', __( 'Username may not be longer than 60 characters.' ) ); return new WP_Error( 'user_login_too_long', __( 'Username may not be longer than 60 characters.' ) );
} }
// Username must be unique.
if ( ! $update && username_exists( $user_login ) ) { if ( ! $update && username_exists( $user_login ) ) {
return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) ); return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
} }
// Username must not match an existing user email.
if ( email_exists( $user_login ) ) {
return new WP_Error( 'existing_user_login_as_email', __( 'Sorry, that username is not available.' ) );
}
/** /**
* Filters the list of disallowed usernames. * Filters the list of disallowed usernames.
* *
@ -3340,7 +3346,8 @@ function register_new_user( $user_login, $user_email ) {
$sanitized_user_login = ''; $sanitized_user_login = '';
} elseif ( username_exists( $sanitized_user_login ) ) { } elseif ( username_exists( $sanitized_user_login ) ) {
$errors->add( 'username_exists', __( '<strong>Error:</strong> This username is already registered. Please choose another one.' ) ); $errors->add( 'username_exists', __( '<strong>Error:</strong> This username is already registered. Please choose another one.' ) );
} elseif ( email_exists( $sanitized_user_login ) ) {
$errors->add( 'username_exists_as_email', __( '<strong>Error:</strong> This username is not available. Please choose another one.' ) );
} else { } else {
/** This filter is documented in wp-includes/user.php */ /** This filter is documented in wp-includes/user.php */
$illegal_user_logins = (array) apply_filters( 'illegal_user_logins', array() ); $illegal_user_logins = (array) apply_filters( 'illegal_user_logins', array() );

2
wp-includes/version.php
View File

@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.2-beta2-55356'; $wp_version = '6.2-beta2-55358';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.