mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 17:48:01 +01:00
Always sanitize user_nicename in wp_insert_user().
Previously, a 'user_nicename' parameter passed into the function was unsanitized. This could result in a mismatch between the sanitized nicename generated automatically at user creation, resulting in broken author archive permalinks. Props joemcgill. Fixes #29696. Built from https://develop.svn.wordpress.org/trunk@29819 git-svn-id: http://core.svn.wordpress.org/trunk@29585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
59ef20d458
commit
2dad79f6c5
@ -1676,12 +1676,17 @@ function wp_insert_user( $userdata ) {
|
||||
if ( ! $update && username_exists( $user_login ) ) {
|
||||
return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
|
||||
}
|
||||
if ( empty( $userdata['user_nicename'] ) ) {
|
||||
$user_nicename = sanitize_title( $user_login );
|
||||
|
||||
// If a nicename is provided, remove unsafe user characters before
|
||||
// using it. Otherwise build a nicename from the user_login.
|
||||
if ( ! empty( $userdata['user_nicename'] ) ) {
|
||||
$user_nicename = sanitize_user( $userdata['user_nicename'], true );
|
||||
} else {
|
||||
$user_nicename = $userdata['user_nicename'];
|
||||
$user_nicename = $user_login;
|
||||
}
|
||||
|
||||
$user_nicename = sanitize_title( $user_nicename );
|
||||
|
||||
// Store values to save in user meta.
|
||||
$meta = array();
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user