From 7b82d75ec85c8d4b7c5d35ec19f3cabf6d6bf228 Mon Sep 17 00:00:00 2001
From: Drew Jaynes <info@drewapicture.com>
Date: Tue, 6 Oct 2015 05:35:25 +0000
Subject: [PATCH] Users: Empty sanitized usernames should be considered invalid
 when passed through `validate_username()`.

Adds tests.

Props gwinhlopez for the initial patch.
Props mordauk, chriscct7.
Fixes #24618.

Built from https://develop.svn.wordpress.org/trunk@34856


git-svn-id: http://core.svn.wordpress.org/trunk@34821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/user-functions.php | 4 +++-
 wp-includes/version.php        | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/wp-includes/user-functions.php b/wp-includes/user-functions.php
index af3d1e2db1..ec00edc9d0 100644
--- a/wp-includes/user-functions.php
+++ b/wp-includes/user-functions.php
@@ -1176,13 +1176,15 @@ function email_exists( $email ) {
  * Checks whether a username is valid.
  *
  * @since 2.0.1
+ * @since 4.4.0 Empty sanitized usernames are now considered invalid
  *
  * @param string $username Username.
  * @return bool Whether username given is valid
  */
 function validate_username( $username ) {
 	$sanitized = sanitize_user( $username, true );
-	$valid = ( $sanitized == $username );
+	$valid = ( $sanitized == $username && ! empty( $sanitized ) );
+
 	/**
 	 * Filter whether the provided username is valid or not.
 	 *
diff --git a/wp-includes/version.php b/wp-includes/version.php
index a5487bc3d8..859a132132 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.4-alpha-34855';
+$wp_version = '4.4-alpha-34856';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.