Changeset 7570

Timestamp:

11/14/2013 03:43:43 PM (11 years ago)

Author:

boonebgorges

Message:

Remove BuddyPress's restriction spaces in user_login

BuddyPress has historically enforced a no-spaces rule on user_login during
user registration. Originally this was rooted in WPMU's own peculiar character
restrictions, and when the MU requirement was dropped, the same restrictions
were carried over to WordPress Single.

However, these restrictions have caused various problems. BP enforced the "no
spaces" rule during registration by simply swapping out spaces with hyphens and
not telling users. This caused immense confusion. Moreover, the restriction
caused problems when bypassing BP's native user registration, as when
integrating with an external authentication service; these external usernames
*can* sometimes have spaces, and certain areas of BuddyPress were not equipped
to deal with them.

This changeset removes the no-spaces restriction from BuddyPress, and hands
off user_login validation to WordPress Multisite when possible (meaning that on
MS, spaces will still not be allowed during native registration). It also
makes the necessary adjustments throughout BuddyPress to ensure that spaces
in user_login will not break related functionality. On a normal setup, BP (and
WP) only use user_login for authentication, but several changes were necessary
to account for "username compatibility mode", where the user_login is displayed
publicly:

• Refactor the way that activity @-mentions work in username compatibility mode. We now have functions for converting user IDs to "mentionname" (and vice versa) which will produce @-mention-safe versions of user_nicename or user_login, as appropriate.
• Use proper URL encoding when building and parsing URLs that contain usernames when compatibility mode is enabled.
• Fix private messaging autocomplete to work with spaces.

See #4622

Fixes #5185

Location:

trunk

Files:

• bp-activity/bp-activity-functions.php (modified) (2 diffs)
• bp-activity/bp-activity-template.php (modified) (3 diffs)
• bp-members/bp-members-functions.php (modified) (3 diffs)
• bp-messages/bp-messages-functions.php (modified) (1 diff)
• bp-templates/bp-legacy/buddypress-functions.php (modified) (1 diff)
• bp-templates/bp-legacy/buddypress/members/single/member-header.php (modified) (1 diff)
• bp-themes/bp-default/_inc/ajax.php (modified) (1 diff)
• bp-themes/bp-default/members/single/member-header.php (modified) (1 diff)
• tests/testcases/activity/functions.php (modified) (1 diff)

trunk/bp-activity/bp-activity-functions.php

@@ -73 +73 @@
     // We've found some mentions! Check to see if users exist
     foreach( (array) $usernames as $key => $username ) {
-        if ( bp_is_username_compatibility_mode() ) {
-            $user_id = username_exists( $username );
-        } else {
-            $user_id = bp_core_get_userid_from_nicename( $username );
-        }
+        $user_id = bp_activity_get_userid_from_mentionname( $username );
 
         // user ID exists, so let's add it to our array
@@ -246 +242 @@
 
     return $return;
+}
+
+/**
+ * Determine a user's "mentionname", the name used for that user in @-mentions.
+ *
+ * @since BuddyPress (1.9.0)
+ *
+ * @return string User name appropriate for @-mentions.
+ */
+function bp_activity_get_user_mentionname( $user_id ) {
+    $mentionname = '';
+
+    $userdata = bp_core_get_core_userdata( $user_id );
+
+    if ( $userdata ) {
+        if ( bp_is_username_compatibility_mode() ) {
+            $mentionname = str_replace( ' ', '-', $userdata->user_login );
+        } else {
+            $mentionname = $userdata->user_nicename;
+        }
+    }
+
+    return $mentionname;
+}
+
+/**
+ * Get a user ID from a "mentionname", the name used for a user in @-mentions.
+ *
+ * @since BuddyPress (1.9.0)
+ *
+ * @return int|bool ID of the user, if one is found. Otherwise false.
+ */
+function bp_activity_get_userid_from_mentionname( $mentionname ) {
+    $user_id = false;
+
+    // In username compatibility mode, hyphens are ambiguous between
+    // actual hyphens and converted spaces.
+    //
+    // @todo There is the potential for username clashes between 'foo bar'
+    // and 'foo-bar' in compatibility mode. Come up with a system for
+    // unique mentionnames.
+    if ( bp_is_username_compatibility_mode() ) {
+        // First, try the raw username
+        $userdata = get_user_by( 'login', $mentionname );
+
+        // Doing a direct query to use proper regex. Necessary to
+        // account for hyphens + spaces in the same user_login.
+        if ( empty( $userdata ) || ! is_a( $userdata, 'WP_User' ) ) {
+            global $wpdb;
+            $regex   = esc_sql( str_replace( '-', '[ \-]', $mentionname ) );
+            $user_id = $wpdb->get_var( "SELECT ID FROM {$wpdb->users} WHERE user_login REGEXP '{$regex}'" );
+        } else {
+            $user_id = $userdata->ID;
+        }
+
+    // When username compatibility mode is disabled, the mentionname is
+    // the same as the nicename
+    } else {
+        $user_id = bp_core_get_userid_from_nicename( $mentionname );
+    }
+
+
+    return $user_id;
 }
 

trunk/bp-activity/bp-activity-template.php

@@ -584 +584 @@
 
                     // Start search at @ symbol and stop search at closing tag delimiter.
-                    $search_terms     = '@' . bp_core_get_username( $user_id ) . '<';
+                    $search_terms     = '@' . bp_activity_get_user_mentionname( $user_id ) . '<';
                     $display_comments = 'stream';
                     $user_id = 0;
@@ -2719 +2719 @@
             return false;
 
-        return apply_filters( 'bp_get_send_public_message_link', wp_nonce_url( bp_get_activity_directory_permalink() . '?r=' . bp_get_displayed_user_username() ) );
-    }
+        return apply_filters( 'bp_get_send_public_message_link', wp_nonce_url( bp_get_activity_directory_permalink() . '?r=' . bp_get_displayed_user_mentionname() ) );
+    }
+
 
 /**
@@ -2920 +2921 @@
     }
 
+/**
+ * Output the mentionname for the displayed user.
+ *
+ * @since BuddyPress (1.9.0)
+ */
+function bp_displayed_user_mentionname() {
+    echo bp_get_displayed_user_mentionname();
+}
+    /**
+     * Get the mentionname for the displayed user.
+     *
+     * @since BuddyPress (1.9.0)
+     *
+     * @return string Mentionname for the displayed user, if available.
+     */
+    function bp_get_displayed_user_mentionname() {
+        return apply_filters( 'bp_get_displayed_user_mentionname', bp_activity_get_user_mentionname( bp_displayed_user_id() ) );
+    }
 
 /**

trunk/bp-members/bp-members-functions.php

@@ -270 +270 @@
     }
 
-    // Check $username for empty spaces and default to nicename if found
-    if ( strstr( $username, ' ' ) ) {
-        $username = bp_members_get_user_nicename( $user_id );
-    }
-
     // Add this to cache
     if ( ( true === $update_cache ) && !empty( $username ) ) {
@@ -945 +940 @@
     }
 }
-
-/**
- * Strips spaces from usernames that are created using add_user() and wp_insert_user()
- *
- * @package BuddyPress Core
- */
-function bp_core_strip_username_spaces( $username ) {
-    // Don't alter the user_login of existing users, as it causes user_nicename problems.
-    // See http://trac.buddypress.org/ticket/2642
-    if ( username_exists( $username ) && ( !bp_is_username_compatibility_mode() ) )
-        return $username;
-
-    return str_replace( ' ', '-', $username );
-}
-add_action( 'pre_user_login', 'bp_core_strip_username_spaces' );
 
 /**
@@ -1173 +1153 @@
 function bp_core_validate_user_signup( $user_name, $user_email ) {
 
-    $errors = new WP_Error();
-
-    // Apply any user_login filters added by BP or other plugins before validating
-    $user_name = apply_filters( 'pre_user_login', $user_name );
-
-    if ( empty( $user_name ) )
-        $errors->add( 'user_name', __( 'Please enter a username', 'buddypress' ) );
-
     // Make sure illegal names include BuddyPress slugs and values
     bp_core_flush_illegal_names();
 
-    $illegal_names = get_site_option( 'illegal_names' );
-
-    if ( in_array( $user_name, (array) $illegal_names ) )
-        $errors->add( 'user_name', __( 'That username is not allowed', 'buddypress' ) );
-
-    if ( ! validate_username( $user_name ) ) {
-        // Check for capital letters when on multisite.
-        //
-        // If so, throw a different error message.
-        // @see #5175
-        if ( is_multisite() ) {
-            $match = array();
-            preg_match( '/[A-Z]/', $user_name, $match );
-
-            if ( ! empty( $match ) ) {
-                $errors->add( 'user_name', __( 'Username must be in lowercase characters', 'buddypress' ) );
-            }
-
-        } else {
+    // WordPress Multisite has its own validation. Use it, so that we
+    // properly mirror restrictions on username, etc.
+    if ( function_exists( 'wpmu_validate_user_signup' ) ) {
+        $result = wpmu_validate_user_signup( $user_name, $user_email );
+
+    // When not running Multisite, we perform our own validation. What
+    // follows reproduces much of the logic of wpmu_validate_user_signup(),
+    // minus the multisite-specific restrictions on user_login
+    } else {
+        $errors = new WP_Error();
+
+        // Apply any user_login filters added by BP or other plugins before validating
+        $user_name = apply_filters( 'pre_user_login', $user_name );
+
+        // User name can't be empty
+        if ( empty( $user_name ) ) {
+            $errors->add( 'user_name', __( 'Please enter a username', 'buddypress' ) );
+        }
+
+        // user name can't be on the blacklist
+        $illegal_names = get_site_option( 'illegal_names' );
+        if ( in_array( $user_name, (array) $illegal_names ) ) {
+            $errors->add( 'user_name', __( 'That username is not allowed', 'buddypress' ) );
+        }
+
+        // User name must pass WP's validity check
+        if ( ! validate_username( $user_name ) ) {
             $errors->add( 'user_name', __( 'Usernames can contain only letters, numbers, ., -, and @', 'buddypress' ) );
         }
-    }
-
-    if( strlen( $user_name ) < 4 )
-        $errors->add( 'user_name',  __( 'Username must be at least 4 characters', 'buddypress' ) );
-
-    if ( strpos( ' ' . $user_name, '_' ) != false )
-        $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character "_"!', 'buddypress' ) );
-
-    // Is the user_name all numeric?
-    $match = array();
-    preg_match( '/[0-9]*/', $user_name, $match );
-
-    if ( $match[0] == $user_name )
-        $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!', 'buddypress' ) );
-
-    // Check if the username has been used already.
-    if ( username_exists( $user_name ) )
-        $errors->add( 'user_name', __( 'Sorry, that username already exists!', 'buddypress' ) );
-
-    // Validate the email address and process the validation results into
-    // error messages
-    $validate_email = bp_core_validate_email_address( $user_email );
-    bp_core_add_validation_error_messages( $errors, $validate_email );
-
-    // Assemble the return array
-    $result = array( 'user_name' => $user_name, 'user_email' => $user_email, 'errors' => $errors );
-
-    // Apply WPMU legacy filter
-    $result = apply_filters( 'wpmu_validate_user_signup', $result );
+
+        // Minimum of 4 characters
+        if ( strlen( $user_name ) < 4 ) {
+            $errors->add( 'user_name',  __( 'Username must be at least 4 characters', 'buddypress' ) );
+        }
+
+        // No underscores. @todo Why not?
+        if ( false !== strpos( ' ' . $user_name, '_' ) ) {
+            $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character "_"!', 'buddypress' ) );
+        }
+
+        // No usernames that are all numeric. @todo Why?
+        $match = array();
+        preg_match( '/[0-9]*/', $user_name, $match );
+        if ( $match[0] == $user_name ) {
+            $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!', 'buddypress' ) );
+        }
+
+        // Check if the username has been used already.
+        if ( username_exists( $user_name ) ) {
+            $errors->add( 'user_name', __( 'Sorry, that username already exists!', 'buddypress' ) );
+        }
+
+        // Validate the email address and process the validation results into
+        // error messages
+        $validate_email = bp_core_validate_email_address( $user_email );
+        bp_core_add_validation_error_messages( $errors, $validate_email );
+
+        // Assemble the return array
+        $result = array(
+            'user_name'  => $user_name,
+            'user_email' => $user_email,
+            'errors'     => $errors,
+        );
+
+        // Apply WPMU legacy filter
+        $result = apply_filters( 'wpmu_validate_user_signup', $result );
+    }
 
     return apply_filters( 'bp_core_validate_user_signup', $result );

trunk/bp-messages/bp-messages-functions.php

@@ -78 +78 @@
             // @see http://buddypress.trac.wordpress.org/ticket/5151
             if ( bp_is_username_compatibility_mode() ) {
-                $recipient_id = bp_core_get_userid( $recipient );
+                $recipient_id = bp_core_get_userid( urldecode( $recipient ) );
             } else {
                 $recipient_id = bp_core_get_userid_from_nicename( $recipient );

trunk/bp-templates/bp-legacy/buddypress-functions.php

@@ -1336 +1336 @@
 
             if ( bp_is_username_compatibility_mode() ) {
-                $username = $ud->user_login;
+                // Sanitize for spaces. Use urlencode() rather
+                // than rawurlencode() because %20 breaks JS
+                $username = urlencode( $ud->user_login );
             } else {
                 $username = $ud->user_nicename;

trunk/bp-templates/bp-legacy/buddypress/members/single/member-header.php

@@ -23 +23 @@
 
     <?php if ( bp_is_active( 'activity' ) && bp_activity_do_mentions() ) : ?>
-        <h2 class="user-nicename">@<?php bp_displayed_user_username(); ?></h2>
+        <h2 class="user-nicename">@<?php bp_displayed_user_mentionname(); ?></h2>
     <?php endif; ?>
 

trunk/bp-themes/bp-default/_inc/ajax.php

@@ -983 +983 @@
 
             if ( bp_is_username_compatibility_mode() ) {
-                $username = $ud->user_login;
+                // Sanitize for spaces
+                $username = urlencode( $ud->user_login );
             } else {
                 $username = $ud->user_nicename;

trunk/bp-themes/bp-default/members/single/member-header.php

@@ -27 +27 @@
 
     <?php if ( bp_is_active( 'activity' ) && bp_activity_do_mentions() ) : ?>
-        <span class="user-nicename">@<?php bp_displayed_user_username(); ?></span>
+        <span class="user-nicename">@<?php bp_displayed_user_mentionname(); ?></span>
     <?php endif; ?>
 

trunk/tests/testcases/activity/functions.php

@@ -101 +101 @@
         $this->assertEquals( $meta_value, bp_activity_get_meta( $a, 'linebreak_test' ) );
     }
+
+    /**
+     * @group bp_activity_get_user_mentionname
+     */
+    public function test_bp_activity_get_user_mentionname_compatibilitymode_off() {
+        add_filter( 'bp_is_username_compatibility_mode', '__return_false' );
+
+        $u = $this->create_user( array(
+            'user_login' => 'foo bar baz',
+            'user_nicename' => 'foo-bar-baz',
+        ) );
+
+        $this->assertEquals( 'foo-bar-baz', bp_activity_get_user_mentionname( $u ) );
+
+        remove_filter( 'bp_is_username_compatibility_mode', '__return_false' );
+    }
+
+    /**
+     * @group bp_activity_get_user_mentionname
+     */
+    public function test_bp_activity_get_user_mentionname_compatibilitymode_on() {
+        add_filter( 'bp_is_username_compatibility_mode', '__return_true' );
+
+        $u1 = $this->create_user( array(
+            'user_login' => 'foo bar baz',
+            'user_nicename' => 'foo-bar-baz',
+        ) );
+
+        $u2 = $this->create_user( array(
+            'user_login' => 'foo.bar.baz',
+            'user_nicename' => 'foo-bar-baz',
+        ) );
+
+        $this->assertEquals( 'foo-bar-baz', bp_activity_get_user_mentionname( $u1 ) );
+        $this->assertEquals( 'foo.bar.baz', bp_activity_get_user_mentionname( $u2 ) );
+
+        remove_filter( 'bp_is_username_compatibility_mode', '__return_true' );
+    }
+
+    /**
+     * @group bp_activity_get_userid_from_mentionname
+     */
+    public function test_bp_activity_get_userid_from_mentionname_compatibilitymode_off() {
+        add_filter( 'bp_is_username_compatibility_mode', '__return_false' );
+
+        $u = $this->create_user( array(
+            'user_login' => 'foo bar baz',
+            'user_nicename' => 'foo-bar-baz',
+        ) );
+
+        $this->assertEquals( $u, bp_activity_get_userid_from_mentionname( 'foo-bar-baz' ) );
+
+        remove_filter( 'bp_is_username_compatibility_mode', '__return_false' );
+    }
+
+    /**
+     * @group bp_activity_get_userid_from_mentionname
+     */
+    public function test_bp_activity_get_userid_from_mentionname_compatibilitymode_on() {
+        add_filter( 'bp_is_username_compatibility_mode', '__return_true' );
+
+        // all spaces are hyphens
+        $u1 = $this->create_user( array(
+            'user_login' => 'foo bar baz',
+            'user_nicename' => 'foobarbaz',
+        ) );
+
+        // no spaces are hyphens
+        $u2 = $this->create_user( array(
+            'user_login' => 'foo-bar-baz-1',
+            'user_nicename' => 'foobarbaz-1',
+        ) );
+
+        // some spaces are hyphens
+        $u3 = $this->create_user( array(
+            'user_login' => 'foo bar-baz 2',
+            'user_nicename' => 'foobarbaz-2',
+        ) );
+
+        $u4 = $this->create_user( array(
+            'user_login' => 'foo.bar.baz',
+            'user_nicename' => 'foo-bar-baz',
+        ) );
+
+        $this->assertEquals( $u1, bp_activity_get_userid_from_mentionname( 'foo-bar-baz' ) );
+        $this->assertEquals( $u2, bp_activity_get_userid_from_mentionname( 'foo-bar-baz-1' ) );
+        $this->assertEquals( $u3, bp_activity_get_userid_from_mentionname( 'foo-bar-baz-2' ) );
+        $this->assertEquals( $u4, bp_activity_get_userid_from_mentionname( 'foo.bar.baz' ) );
+
+        remove_filter( 'bp_is_username_compatibility_mode', '__return_true' );
+    }
+
 }