Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
11/14/2013 03:43:43 PM (6 years ago)
Author:
boonebgorges
Message:

Remove BuddyPress's restriction spaces in user_login

BuddyPress has historically enforced a no-spaces rule on user_login during
user registration. Originally this was rooted in WPMU's own peculiar character
restrictions, and when the MU requirement was dropped, the same restrictions
were carried over to WordPress Single.

However, these restrictions have caused various problems. BP enforced the "no
spaces" rule during registration by simply swapping out spaces with hyphens and
not telling users. This caused immense confusion. Moreover, the restriction
caused problems when bypassing BP's native user registration, as when
integrating with an external authentication service; these external usernames
*can* sometimes have spaces, and certain areas of BuddyPress were not equipped
to deal with them.

This changeset removes the no-spaces restriction from BuddyPress, and hands
off user_login validation to WordPress Multisite when possible (meaning that on
MS, spaces will still not be allowed during native registration). It also
makes the necessary adjustments throughout BuddyPress to ensure that spaces
in user_login will not break related functionality. On a normal setup, BP (and
WP) only use user_login for authentication, but several changes were necessary
to account for "username compatibility mode", where the user_login is displayed
publicly:

  • Refactor the way that activity @-mentions work in username compatibility mode. We now have functions for converting user IDs to "mentionname" (and vice versa) which will produce @-mention-safe versions of user_nicename or user_login, as appropriate.
  • Use proper URL encoding when building and parsing URLs that contain usernames when compatibility mode is enabled.
  • Fix private messaging autocomplete to work with spaces.

See #4622

Fixes #5185

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-members/bp-members-functions.php

    r7562 r7570  
    270270    }
    271271
    272     // Check $username for empty spaces and default to nicename if found
    273     if ( strstr( $username, ' ' ) ) {
    274         $username = bp_members_get_user_nicename( $user_id );
    275     }
    276 
    277272    // Add this to cache
    278273    if ( ( true === $update_cache ) && !empty( $username ) ) {
     
    945940    }
    946941}
    947 
    948 /**
    949  * Strips spaces from usernames that are created using add_user() and wp_insert_user()
    950  *
    951  * @package BuddyPress Core
    952  */
    953 function bp_core_strip_username_spaces( $username ) {
    954     // Don't alter the user_login of existing users, as it causes user_nicename problems.
    955     // See http://trac.buddypress.org/ticket/2642
    956     if ( username_exists( $username ) && ( !bp_is_username_compatibility_mode() ) )
    957         return $username;
    958 
    959     return str_replace( ' ', '-', $username );
    960 }
    961 add_action( 'pre_user_login', 'bp_core_strip_username_spaces' );
    962942
    963943/**
     
    11731153function bp_core_validate_user_signup( $user_name, $user_email ) {
    11741154
    1175     $errors = new WP_Error();
    1176 
    1177     // Apply any user_login filters added by BP or other plugins before validating
    1178     $user_name = apply_filters( 'pre_user_login', $user_name );
    1179 
    1180     if ( empty( $user_name ) )
    1181         $errors->add( 'user_name', __( 'Please enter a username', 'buddypress' ) );
    1182 
    11831155    // Make sure illegal names include BuddyPress slugs and values
    11841156    bp_core_flush_illegal_names();
    11851157
    1186     $illegal_names = get_site_option( 'illegal_names' );
    1187 
    1188     if ( in_array( $user_name, (array) $illegal_names ) )
    1189         $errors->add( 'user_name', __( 'That username is not allowed', 'buddypress' ) );
    1190 
    1191     if ( ! validate_username( $user_name ) ) {
    1192         // Check for capital letters when on multisite.
    1193         //
    1194         // If so, throw a different error message.
    1195         // @see #5175
    1196         if ( is_multisite() ) {
    1197             $match = array();
    1198             preg_match( '/[A-Z]/', $user_name, $match );
    1199 
    1200             if ( ! empty( $match ) ) {
    1201                 $errors->add( 'user_name', __( 'Username must be in lowercase characters', 'buddypress' ) );
    1202             }
    1203 
    1204         } else {
     1158    // WordPress Multisite has its own validation. Use it, so that we
     1159    // properly mirror restrictions on username, etc.
     1160    if ( function_exists( 'wpmu_validate_user_signup' ) ) {
     1161        $result = wpmu_validate_user_signup( $user_name, $user_email );
     1162
     1163    // When not running Multisite, we perform our own validation. What
     1164    // follows reproduces much of the logic of wpmu_validate_user_signup(),
     1165    // minus the multisite-specific restrictions on user_login
     1166    } else {
     1167        $errors = new WP_Error();
     1168
     1169        // Apply any user_login filters added by BP or other plugins before validating
     1170        $user_name = apply_filters( 'pre_user_login', $user_name );
     1171
     1172        // User name can't be empty
     1173        if ( empty( $user_name ) ) {
     1174            $errors->add( 'user_name', __( 'Please enter a username', 'buddypress' ) );
     1175        }
     1176
     1177        // user name can't be on the blacklist
     1178        $illegal_names = get_site_option( 'illegal_names' );
     1179        if ( in_array( $user_name, (array) $illegal_names ) ) {
     1180            $errors->add( 'user_name', __( 'That username is not allowed', 'buddypress' ) );
     1181        }
     1182
     1183        // User name must pass WP's validity check
     1184        if ( ! validate_username( $user_name ) ) {
    12051185            $errors->add( 'user_name', __( 'Usernames can contain only letters, numbers, ., -, and @', 'buddypress' ) );
    12061186        }
    1207     }
    1208 
    1209     if( strlen( $user_name ) < 4 )
    1210         $errors->add( 'user_name',  __( 'Username must be at least 4 characters', 'buddypress' ) );
    1211 
    1212     if ( strpos( ' ' . $user_name, '_' ) != false )
    1213         $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character "_"!', 'buddypress' ) );
    1214 
    1215     // Is the user_name all numeric?
    1216     $match = array();
    1217     preg_match( '/[0-9]*/', $user_name, $match );
    1218 
    1219     if ( $match[0] == $user_name )
    1220         $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!', 'buddypress' ) );
    1221 
    1222     // Check if the username has been used already.
    1223     if ( username_exists( $user_name ) )
    1224         $errors->add( 'user_name', __( 'Sorry, that username already exists!', 'buddypress' ) );
    1225 
    1226     // Validate the email address and process the validation results into
    1227     // error messages
    1228     $validate_email = bp_core_validate_email_address( $user_email );
    1229     bp_core_add_validation_error_messages( $errors, $validate_email );
    1230 
    1231     // Assemble the return array
    1232     $result = array( 'user_name' => $user_name, 'user_email' => $user_email, 'errors' => $errors );
    1233 
    1234     // Apply WPMU legacy filter
    1235     $result = apply_filters( 'wpmu_validate_user_signup', $result );
     1187
     1188        // Minimum of 4 characters
     1189        if ( strlen( $user_name ) < 4 ) {
     1190            $errors->add( 'user_name',  __( 'Username must be at least 4 characters', 'buddypress' ) );
     1191        }
     1192
     1193        // No underscores. @todo Why not?
     1194        if ( false !== strpos( ' ' . $user_name, '_' ) ) {
     1195            $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character "_"!', 'buddypress' ) );
     1196        }
     1197
     1198        // No usernames that are all numeric. @todo Why?
     1199        $match = array();
     1200        preg_match( '/[0-9]*/', $user_name, $match );
     1201        if ( $match[0] == $user_name ) {
     1202            $errors->add( 'user_name', __( 'Sorry, usernames must have letters too!', 'buddypress' ) );
     1203        }
     1204
     1205        // Check if the username has been used already.
     1206        if ( username_exists( $user_name ) ) {
     1207            $errors->add( 'user_name', __( 'Sorry, that username already exists!', 'buddypress' ) );
     1208        }
     1209
     1210        // Validate the email address and process the validation results into
     1211        // error messages
     1212        $validate_email = bp_core_validate_email_address( $user_email );
     1213        bp_core_add_validation_error_messages( $errors, $validate_email );
     1214
     1215        // Assemble the return array
     1216        $result = array(
     1217            'user_name'  => $user_name,
     1218            'user_email' => $user_email,
     1219            'errors'     => $errors,
     1220        );
     1221
     1222        // Apply WPMU legacy filter
     1223        $result = apply_filters( 'wpmu_validate_user_signup', $result );
     1224    }
    12361225
    12371226    return apply_filters( 'bp_core_validate_user_signup', $result );
Note: See TracChangeset for help on using the changeset viewer.