diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 2375db7727..5b1a689dea 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -158,8 +158,8 @@ function edit_user( $user_id = 0 ) {
if ( !empty( $pass1 ) )
$user->user_pass = $pass1;
- if ( !$update && !validate_username( $user->user_login ) )
- $errors->add( 'user_login', __( 'ERROR: This username is invalid. Please enter a valid username.' ));
+ if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
+ $errors->add( 'user_login', __( 'ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
if ( !$update && username_exists( $user->user_login ) )
$errors->add( 'user_login', __( 'ERROR: This username is already registered. Please choose another one.' ));
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index a2c91f79f1..b2c5407cfc 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -735,19 +735,20 @@ function sanitize_file_name( $filename ) {
*/
function sanitize_user( $username, $strict = false ) {
$raw_username = $username;
- $username = wp_strip_all_tags($username);
+ $username = wp_strip_all_tags( $username );
+ $username = remove_accents( $username );
// Kill octets
- $username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
- $username = preg_replace('/&.+?;/', '', $username); // Kill entities
+ $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
+ $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
// If strict, reduce to ASCII for max portability.
if ( $strict )
- $username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);
+ $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
// Consolidate contiguous whitespace
- $username = preg_replace('|\s+|', ' ', $username);
+ $username = preg_replace( '|\s+|', ' ', $username );
- return apply_filters('sanitize_user', $username, $raw_username, $strict);
+ return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
}
/**
diff --git a/wp-login.php b/wp-login.php
index ffd0f619b4..2d1e02ab63 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -268,47 +268,49 @@ function reset_password($key, $login) {
* @param string $user_email User's email address to send password and add
* @return int|WP_Error Either user's ID or error on failure.
*/
-function register_new_user($user_login, $user_email) {
+function register_new_user( $user_login, $user_email ) {
$errors = new WP_Error();
- $user_login = sanitize_user( $user_login );
+ $sanitized_user_login = sanitize_user( $user_login );
$user_email = apply_filters( 'user_registration_email', $user_email );
// Check the username
- if ( $user_login == '' )
- $errors->add('empty_username', __('ERROR: Please enter a username.'));
- elseif ( !validate_username( $user_login ) ) {
- $errors->add('invalid_username', __('ERROR: This username is invalid. Please enter a valid username.'));
- $user_login = '';
- } elseif ( username_exists( $user_login ) )
- $errors->add('username_exists', __('ERROR: This username is already registered, please choose another one.'));
+ if ( $sanitized_user_login == '' ) {
+ $errors->add( 'empty_username', __( 'ERROR: Please enter a username.' ) );
+ } elseif ( ! validate_username( $user_login ) ) {
+ $errors->add( 'invalid_username', __( 'ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
+ $sanitized_user_login = '';
+ } elseif ( username_exists( $sanitized_user_login ) ) {
+ $errors->add( 'username_exists', __( 'ERROR: This username is already registered, please choose another one.' ) );
+ }
// Check the e-mail address
- if ($user_email == '') {
- $errors->add('empty_email', __('ERROR: Please type your e-mail address.'));
- } elseif ( !is_email( $user_email ) ) {
- $errors->add('invalid_email', __('ERROR: The email address isn’t correct.'));
+ if ( $user_email == '' ) {
+ $errors->add( 'empty_email', __( 'ERROR: Please type your e-mail address.' ) );
+ } elseif ( ! is_email( $user_email ) ) {
+ $errors->add( 'invalid_email', __( 'ERROR: The email address isn’t correct.' ) );
$user_email = '';
- } elseif ( email_exists( $user_email ) )
- $errors->add('email_exists', __('ERROR: This email is already registered, please choose another one.'));
+ } elseif ( email_exists( $user_email ) ) {
+ $errors->add( 'email_exists', __( 'ERROR: This email is already registered, please choose another one.' ) );
+ }
- do_action('register_post', $user_login, $user_email, $errors);
+ do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
- $errors = apply_filters( 'registration_errors', $errors, $user_login, $user_email );
+ $errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
if ( $errors->get_error_code() )
return $errors;
$user_pass = wp_generate_password();
- $user_id = wp_create_user( $user_login, $user_pass, $user_email );
- if ( !$user_id ) {
- $errors->add('registerfail', sprintf(__('ERROR: Couldn’t register you... please contact the webmaster !'), get_option('admin_email')));
+ $user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
+ if ( ! $user_id ) {
+ $errors->add( 'registerfail', sprintf( __( 'ERROR: Couldn’t register you... please contact the webmaster !' ), get_option( 'admin_email' ) ) );
return $errors;
}
- update_user_option($user_id, 'default_password_nag', true, true); //Set up the Password change nag.
+ update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
- wp_new_user_notification($user_id, $user_pass);
+ wp_new_user_notification( $user_id, $user_pass );
return $user_id;
}