Users: Empty sanitized usernames should be considered invalid when passed through validate_username().

Adds tests. Props gwinhlopez for the initial patch. Props mordauk, chriscct7. Fixes #24618. Built from https://develop.svn.wordpress.org/trunk@34856 git-svn-id: http://core.svn.wordpress.org/trunk@34821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-11-17 08:05:21 +01:00 · 2015-10-06 05:35:25 +00:00 · 2015-10-06 05:35:25 +00:00 · 7b82d75ec8
commit 7b82d75ec8
parent 99be7beda0
2 changed files with 4 additions and 2 deletions
--- a/wp-includes/user-functions.php
+++ b/wp-includes/user-functions.php
@ -1176,13 +1176,15 @@ function email_exists( $email ) {
 * Checks whether a username is valid.
 *
 * @since 2.0.1
+ * @since 4.4.0 Empty sanitized usernames are now considered invalid
 *
 * @param string $username Username.
 * @return bool Whether username given is valid
 */
 function validate_username( $username ) {
 	$sanitized = sanitize_user( $username, true );
-	$valid = ( $sanitized == $username );
+	$valid = ( $sanitized == $username && ! empty( $sanitized ) );
+
 	/**
 	 * Filter whether the provided username is valid or not.
 	 *
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.4-alpha-34855';
+$wp_version = '4.4-alpha-34856';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.