From 1d1c74385f9f0e6e2e8424fff3e1c2ddabe153f9 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov
Date: Fri, 29 Nov 2019 22:04:02 +0000
Subject: [PATCH] REST API: Use strict `in_array()` checks for the list of usernames blacklisted via `illegal_user_logins` filter.
See #48839.
Built from https://develop.svn.wordpress.org/trunk@46804
git-svn-id: http://core.svn.wordpress.org/trunk@46604 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/user.php | 2 +-
 wp-includes/ms-functions.php | 2 +-
 .../rest-api/endpoints/class-wp-rest-users-controller.php | 2 +-
 wp-includes/user.php | 4 ++--
 wp-includes/version.php | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 20fbcd851f..8f40723e67 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -193,7 +193,7 @@ function edit_user( $user_id = 0 ) {
 /** This filter is documented in wp-includes/user.php */
 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
- if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
+ if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ), true ) ) {
 $errors->add( 'invalid_username', __( 'ERROR: Sorry, that username is not allowed.' ) );
 }
diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php
index 94418ad350..43325c0cac 100644
--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
@@ -488,7 +488,7 @@ function wpmu_validate_user_signup( $user_name, $user_email ) {
 /** This filter is documented in wp-includes/user.php */
 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
- if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ) ) ) {
+ if ( in_array( strtolower( $user_name ), array_map( 'strtolower', $illegal_logins ), true ) ) {
 $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
 }
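Review bot: The blocklist test is written out separately at five call sites: here in edit_user(), and again in wpmu_validate_user_signup(), WP_REST_Users_Controller, wp_insert_user() and register_new_user(). Each copy had to receive the `true` argument by hand, and a later hardening of this check can miss one registration path. Moving the filter call, the lower-casing and the strict `in_array()` into one helper would keep every path enforcing the same rule. The helper name below is constructed for this note. edit_user() starts and ends outside the hunk, so the sketch shows only the helper and the rewritten condition.

```php
// Hypothetical shared helper (name constructed for this note), defined once in wp-includes/user.php.
function wp_is_illegal_user_login( $login ) {
	/** This filter is documented in wp-includes/user.php */
	$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );

	// Strict comparison: both sides are strings after strtolower().
	return in_array( strtolower( $login ), array_map( 'strtolower', $illegal_logins ), true );
}

// … unchanged: earlier validation in edit_user() …
if ( wp_is_illegal_user_login( $user->user_login ) ) {
// … unchanged: $errors->add( 'invalid_username', … ) …
```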
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
index dacc327b0e..652f4ead76 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -1137,7 +1137,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 /** This filter is documented in wp-includes/user.php */
 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
- if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ) ) ) {
+ if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ), true ) ) {
 return new WP_Error( 'rest_user_invalid_username', __( 'Sorry, that username is not allowed.' ), array( 'status' => 400 ) );
 }
diff --git a/wp-includes/user.php b/wp-includes/user.php
index f6b60db913..fd03e6994e 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -1584,7 +1584,7 @@ function wp_insert_user( $userdata ) {
 */
 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
- if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
+ if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ), true ) ) {
 return new WP_Error( 'invalid_username', __( 'Sorry, that username is not allowed.' ) );
 }
@@ -2503,7 +2503,7 @@ function register_new_user( $user_login, $user_email ) {
 } else {
 /** This filter is documented in wp-includes/user.php */
 $illegal_user_logins = (array) apply_filters( 'illegal_user_logins', array() );
- if ( in_array( strtolower( $sanitized_user_login ), array_map( 'strtolower', $illegal_user_logins ), true ) ) {
+ if ( in_array( strtolower( $sanitized_user_login ), array_map( 'strtolower', $illegal_user_logins ), true ) ) {
 $errors->add( 'invalid_username', __( 'ERROR: Sorry, that username is not allowed.' ) );
 }
 }
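Review bot: The case-insensitive match in the WP_REST_Users_Controller check relies on `strtolower()`, which folds single-byte letters only, so a blocklist entry containing non-ASCII letters is still compared case-sensitively even with the strict flag. The same expression is used in the wp_insert_user() and register_new_user() hunks and in the two earlier files. Whether a non-ASCII login can reach these lines depends on sanitisation outside the hunks, so this may be unreachable in practice. It is worth stating next to the filter documentation in wp-includes/user.php, for example `// Entries are compared after strtolower(); only ASCII letters are case-folded.`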
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 6283ab4dad..dc9b5b499f 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.4-alpha-46803';
+$wp_version = '5.4-alpha-46804';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.