Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-10-01 08:37:55 +02:00
Code Issues Projects Releases Wiki Activity
aee733684b
WordPress/wp-admin/network
History
Boone Gorges a7e229637e Improve validation of user_login and user_nicename length. 
The `user_login` field only allows 60 characters, and `user_nicename` allows
50. However, there are no protections in the interface, and few in the code,
that prevent the creation of users with values in excess of these limits. Prior
to recent changes in `$wpdb`, users were generally created anyway, MySQL
having performed the necessary truncation. More recently, the `INSERT`s and
`UPDATE`s simply fail, with no real feedback on the nature of the failure.

This changeset addresses the issue in a number of ways:
* On the user-new.php and network/user-new.php panels, don't allow input in excess of the maximum field length.
* In `wp_insert_user()`, throw an error if the value provided for `'user_login'` or `'user_nicename'` exceeds the maximum field length.
* In `wp_insert_user()`, when using `'user_login'` to generate a default value for `'user_nicename'`, ensure that the nicename is properly truncated, even when suffixed for uniqueness (username-2, etc).

Props dipesh.kakadiya, utkarshpatel, tommarshall, boonebgorges.
Fixes #33793.
Built from https://develop.svn.wordpress.org/trunk@34218


git-svn-id: http://core.svn.wordpress.org/trunk@34182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 22:14:26 +00:00
..
about.php
admin.php Priority fixes for various existing hook documentation. 2014-04-12 00:01:15 +00:00
credits.php
edit.php Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/network/*. 2014-11-30 11:21:22 +00:00
freedoms.php
index.php Proper heading for admin screens. 2015-06-27 15:41:25 +00:00
menu.php Move network update submenu items to the Network Dashboard menu item 2015-05-19 17:00:29 +00:00
plugin-editor.php
plugin-install.php
plugins.php
profile.php
settings.php Move network_settings_add_js() from wp-admin/network/settings.php to wp-admin/includes/ms.php. 2015-09-10 22:24:24 +00:00
setup.php
site-info.php Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types. 2015-09-11 21:08:26 +00:00
site-new.php Passwords: Deprecate second parameter of wp_new_user_notification(). 2015-09-14 12:43:26 +00:00
site-settings.php Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types. 2015-09-11 21:08:26 +00:00
site-themes.php Multisite: Update help tab text for site-info.php to reference "site URL". 2015-09-05 20:53:24 +00:00
site-users.php Passwords: Deprecate second parameter of wp_new_user_notification(). 2015-09-14 12:43:26 +00:00
sites.php Handle MS Sites bulk action verification separately from individual actions. 2015-07-13 17:24:24 +00:00
theme-editor.php
theme-install.php
themes.php foreach is a statement, not a function. 2015-08-25 20:28:22 +00:00
update-core.php
update.php
upgrade.php Proper heading for admin screens. 2015-06-27 15:41:25 +00:00
user-edit.php
user-new.php Improve validation of user_login and user_nicename length. 2015-09-15 22:14:26 +00:00
users.php Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types. 2015-09-11 21:08:26 +00:00