Ticket #5185: 5185.02.patch

bp-activity/bp-activity-functions.php

@@ -72 +72 @@
 
         // We've found some mentions! Check to see if users exist
         foreach( (array) $usernames as $key => $username ) {
-                if ( bp_is_username_compatibility_mode() ) {
-                        $user_id = username_exists( $username );
-                } else {
-                        $user_id = bp_core_get_userid_from_nicename( $username );
-                }
+                // Note: we always use the nicename for @-mentions, even with
+                // username_compatibility_mode()
+                $user_id = bp_core_get_userid_from_nicename( $username );
 
                 // user ID exists, so let's add it to our array
                 if ( ! empty( $user_id ) ) {

bp-activity/bp-activity-template.php

@@ -583 +583 @@
                                         }
 
                                         // Start search at @ symbol and stop search at closing tag delimiter.
-                                        $search_terms     = '@' . bp_core_get_username( $user_id ) . '<';
+                                        $search_terms     = '@' . bp_members_get_user_nicename( $user_id ) . '<';
                                         $display_comments = 'stream';
                                         $user_id = 0;
                                         break;
@@ -2719 +2719 @@
                 if ( bp_is_my_profile() || !is_user_logged_in() )
                         return false;
 
-                return apply_filters( 'bp_get_send_public_message_link', wp_nonce_url( bp_get_activity_directory_permalink() . '?r=' . bp_core_get_username( bp_displayed_user_id(), bp_get_displayed_user_username(), $bp->displayed_user->userdata->user_login ) ) );
+                return apply_filters( 'bp_get_send_public_message_link', wp_nonce_url( bp_get_activity_directory_permalink() . '?r=' . bp_get_displayed_user_nicename() ) );
         }
 
 /**

bp-members/bp-members-functions.php

@@ -269 +269 @@
                 $update_cache = false;
         }
 
-        // Check $username for empty spaces and default to nicename if found
-        if ( strstr( $username, ' ' ) ) {
-                $username = bp_members_get_user_nicename( $user_id );
-        }
-
         // Add this to cache
         if ( ( true === $update_cache ) && !empty( $username ) ) {
                 wp_cache_set( 'bp_user_username_' . $user_id, $username, 'bp' );
@@ -945 +940 @@
 }
 
 /**
- * Strips spaces from usernames that are created using add_user() and wp_insert_user()
- *
- * @package BuddyPress Core
- */
-function bp_core_strip_username_spaces( $username ) {
-        // Don't alter the user_login of existing users, as it causes user_nicename problems.
-        // See http://trac.buddypress.org/ticket/2642
-        if ( username_exists( $username ) && ( !bp_is_username_compatibility_mode() ) )
-                return $username;
-
-        return str_replace( ' ', '-', $username );
-}
-add_action( 'pre_user_login', 'bp_core_strip_username_spaces' );
-
-/**
  * When a user logs in, check if they have been marked as a spammer. If yes then simply
  * redirect them to the home page and stop them from logging in.
  *
@@ -1171 +1151 @@
  */
 function bp_core_validate_user_signup( $user_name, $user_email ) {
 
-        $errors = new WP_Error();
-
-        // Apply any user_login filters added by BP or other plugins before validating
-        $user_name = apply_filters( 'pre_user_login', $user_name );
-
-        if ( empty( $user_name ) )
-                $errors->add( 'user_name', __( 'Please enter a username', 'buddypress' ) );
-
         // Make sure illegal names include BuddyPress slugs and values
         bp_core_flush_illegal_names();
 
-        $illegal_names = get_site_option( 'illegal_names' );
+        // WordPress Multisite has its own validation. Use it, so that we
+        // properly mirror restrictions on username, etc.
+        if ( function_exists( 'wpmu_validate_user_signup' ) ) {
+                $result = wpmu_validate_user_signup( $user_name, $user_email );
+
+        // What follows reproduces much of the logic of
+        // wpmu_validate_user_signup(), minus the multisite-specific
+        // restrictions on user_login
+        } else {
+                $errors = new WP_Error();
 
-        if ( in_array( $user_name, (array) $illegal_names ) )
-                $errors->add( 'user_name', __( 'That username is not allowed', 'buddypress' ) );
+                // Apply any user_login filters added by BP or other plugins before validating
+                $user_name = apply_filters( 'pre_user_login', $user_name );
 
-        if ( ! validate_username( $user_name ) ) {
-                // Check for capital letters when on multisite.
-                //
-                // If so, throw a different error message.
-                // @see #5175
-                if ( is_multisite() ) {
-                        $match = array();
-                        preg_match( '/[A-Z]/', $user_name, $match );
-        
-                        if ( ! empty( $match ) ) {
-                                $errors->add( 'user_name', __( 'Username must be in lowercase characters', 'buddypress' ) );
-                        }
+                // User name can't be empty
+                if ( empty( $user_name ) ) {
+                        $errors->add( 'user_name', __( 'Please enter a username', 'buddypress' ) );
+                }
 
-                } else {
-                        $errors->add( 'user_name', __( 'Usernames can contain only letters, numbers, ., -, and @', 'buddypress' ) );
+                // User name can't be on the blacklist
+                $illegal_names = get_site_option( 'illegal_names' );
+                if ( in_array( $user_name, (array) $illegal_names ) ) {
+                        $errors->add( 'user_name', __( 'That username is not allowed', 'buddypress' ) );
                 }
-        }
 
-        if( strlen( $user_name ) < 4 )
-                $errors->add( 'user_name',  __( 'Username must be at least 4 characters', 'buddypress' ) );
+                // User name must pass WP's check for validity
+                if ( ! validate_username( $user_name ) ) {
+                        $errors->add( 'user_name', __( 'Usernames can contain only letters, numbers, ., -, and @', 'buddypress' ) );
+                }
 
-        if ( strpos( ' ' . $user_name, '_' ) != false )
-                $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character "_"!', 'buddypress' ) );
+                // Minimum of 4 characters
+                if ( strlen( $user_name ) < 4 ) {
+                        $errors->add( 'user_name',  __( 'Username must be at least 4 characters', 'buddypress' ) );
+                }
 
-        // Is the user_name all numeric?
-        $match = array();
-        preg_match( '/[0-9]*/', $user_name, $match );
+                // No underscores. @todo Why?
+                if ( false !== strpos( $user_name, '_' ) ) {
+                        $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character "_"!', 'buddypress' ) );
+                }
 
-        if ( $match[0] == $user_name )
-                $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!', 'buddypress' ) );
+                // Is the user_name all numeric?
+                $match = array();
+                preg_match( '/[0-9]*/', $user_name, $match );
+                if ( $match[0] == $user_name ) {
+                        $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!', 'buddypress' ) );
+                }
 
-        // Check if the username has been used already.
-        if ( username_exists( $user_name ) )
-                $errors->add( 'user_name', __( 'Sorry, that username already exists!', 'buddypress' ) );
+                // Check if the username has been used already.
+                if ( username_exists( $user_name ) ) {
+                        $errors->add( 'user_name', __( 'Sorry, that username already exists!', 'buddypress' ) );
+                }
 
-        // Validate the email address and process the validation results into
-        // error messages
-        $validate_email = bp_core_validate_email_address( $user_email );
-        bp_core_add_validation_error_messages( $errors, $validate_email );
+                // Validate the email address and process the validation results into
+                // error messages
+                $validate_email = bp_core_validate_email_address( $user_email );
+                bp_core_add_validation_error_messages( $errors, $validate_email );
 
-        // Assemble the return array
-        $result = array( 'user_name' => $user_name, 'user_email' => $user_email, 'errors' => $errors );
+                // Assemble the return array
+                $result = array(
+                        'user_name' => $user_name,
+                        'user_email' => $user_email,
+                        'errors' => $errors,
+                );
 
-        // Apply WPMU legacy filter
-        $result = apply_filters( 'wpmu_validate_user_signup', $result );
+                // Apply WPMU legacy filter
+                $result = apply_filters( 'wpmu_validate_user_signup', $result );
+        }
 
         return apply_filters( 'bp_core_validate_user_signup', $result );
 }

bp-members/bp-members-template.php

@@ -951 +951 @@
                 return apply_filters( 'bp_get_displayed_user_username', $username );
         }
 
+/**
+ * Output the user_nicename for the displayed user.
+ *
+ * @since BuddyPress (1.9.0)
+ */
+function bp_displayed_user_nicename() {
+        echo bp_get_displayed_user_nicename();
+}
+        /**
+         * Get the user_nicename for the displayed user.
+         *
+         * Use this function when you know you need the user_nicename.
+         * bp_get_displayed_user_username() is a more general function that
+         * accounts for the use of BP_ENABLE_USERNAME_COMPATIBILITY_MODE and
+         * other non-standard settings.
+         *
+         * @since BuddyPress (1.9.0)
+         *
+         * @return string user_nicename for the displayed user, if available.
+         */
+        function bp_get_displayed_user_nicename() {
+                if ( bp_displayed_user_id() ) {
+                        $user_nicename = buddypress()->displayed_user->userdata->user_nicename;
+                } else {
+                        $user_nicename = '';
+                }
+
+                return apply_filters( 'bp_get_displayed_user_nicename', $user_nicename );
+        }
+
 function bp_loggedin_user_username() {
         echo bp_get_loggedin_user_username();
 }

bp-messages/bp-messages-functions.php

@@ -77 +77 @@
                         // check user_login / nicename columns first
                         // @see http://buddypress.trac.wordpress.org/ticket/5151
                         if ( bp_is_username_compatibility_mode() ) {
-                                $recipient_id = bp_core_get_userid( $recipient );
+                                $recipient_id = bp_core_get_userid( urldecode( $recipient ) );
                         } else {
                                 $recipient_id = bp_core_get_userid_from_nicename( $recipient );
                         }

bp-templates/bp-legacy/buddypress-functions.php

@@ -1335 +1335 @@
                         }
 
                         if ( bp_is_username_compatibility_mode() ) {
-                                $username = $ud->user_login;
+                                // Sanitize for spaces. Use urlencode() rather
+                                // than rawurlencode() because %20 breaks JS
+                                $username = urlencode( $ud->user_login );
                         } else {
                                 $username = $ud->user_nicename;
                         }

bp-templates/bp-legacy/buddypress/members/single/member-header.php

@@ -22 +22 @@
 <div id="item-header-content">
 
         <?php if ( bp_is_active( 'activity' ) && bp_activity_do_mentions() ) : ?>
-                <h2 class="user-nicename">@<?php bp_displayed_user_username(); ?></h2>
+                <h2 class="user-nicename">@<?php bp_displayed_user_nicename(); ?></h2>
         <?php endif; ?>
 
         <span class="activity"><?php bp_last_activity( bp_displayed_user_id() ); ?></span>
@@ -62 +62 @@
 
 <?php do_action( 'bp_after_member_header' ); ?>
 
-<?php do_action( 'template_notices' ); ?>
- No newline at end of file
+<?php do_action( 'template_notices' ); ?>

bp-themes/bp-default/_inc/ajax.php

@@ -982 +982 @@
                         }
 
                         if ( bp_is_username_compatibility_mode() ) {
-                                $username = $ud->user_login;
+                                // Sanitize for spaces
+                                $username = urlencode( $ud->user_login );
                         } else {
                                 $username = $ud->user_nicename;
                         }

bp-themes/bp-default/members/single/member-header.php

@@ -26 +26 @@
         </h2>
 
         <?php if ( bp_is_active( 'activity' ) && bp_activity_do_mentions() ) : ?>
-                <span class="user-nicename">@<?php bp_displayed_user_username(); ?></span>
+                <span class="user-nicename">@<?php bp_displayed_user_nicename(); ?></span>
         <?php endif; ?>
 
         <span class="activity"><?php bp_last_activity( bp_displayed_user_id() ); ?></span>
@@ -66 +66 @@
 
 <?php do_action( 'bp_after_member_header' ); ?>
 
-<?php do_action( 'template_notices' ); ?>
- No newline at end of file
+<?php do_action( 'template_notices' ); ?>