Username sanitization cleanups.

git-svn-id: http://svn.automattic.com/wordpress/trunk@3481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-01-25 03:09:16 +00:00
parent 9afb7a18db
commit 99385a2f18
4 changed files with 28 additions and 5 deletions

View File

@ -329,13 +329,13 @@ function add_user() {
}
function edit_user($user_id = 0) {
global $current_user, $wp_roles;
global $current_user, $wp_roles, $wpdb;
if ($user_id != 0) {
$update = true;
$user->ID = $user_id;
$userdata = get_userdata($user_id);
$user->user_login = $userdata->user_login;
$user->user_login = $wpdb->escape($userdata->user_login);
} else {
$update = false;
$user = '';
@ -406,6 +406,9 @@ function edit_user($user_id = 0) {
if (!empty ($pass1))
$user->user_pass = $pass1;
if ( !validate_username($user->user_login) )
$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.');
if (!$update && username_exists($user->user_login))
$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');

View File

@ -265,13 +265,18 @@ function remove_accents($string) {
return $string;
}
function sanitize_user( $username ) {
function sanitize_user( $username, $strict = false ) {
$raw_username = $username;
$username = strip_tags($username);
// Kill octets
$username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
$username = preg_replace('/&.+?;/', '', $username); // Kill entities
return apply_filters('sanitize_user', $username, $raw_username);
// If strict, reduce to ASCII for max portability.
if ( $strict )
$username = preg_replace('|[^a-z0-9 _.-@]|i', '', $username);
return apply_filters('sanitize_user', $username, $raw_username, $strict);
}
function sanitize_title($title, $fallback_title = '') {

View File

@ -10,6 +10,16 @@ function username_exists( $username ) {
return null;
}
function validate_username( $username ) {
$name = sanitize_user($username, true);
$valid = true;
if ( $name != $username )
$valid = false;
return apply_filters('validate_username', $valid, $username);
}
function wp_insert_user($userdata) {
global $wpdb;
@ -24,6 +34,8 @@ function wp_insert_user($userdata) {
$user_pass = md5($user_pass);
}
$user_login = sanitize_user($user_login, true);
if ( empty($user_nicename) )
$user_nicename = sanitize_title( $user_login );

View File

@ -27,6 +27,9 @@ case 'register':
$errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.');
}
if ( ! validate_username($user_login) )
$errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid. Please enter a valid username.');
if ( username_exists( $user_login ) )
$errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');