Skip to:
Content

Opened 8 years ago

Closed 8 years ago

#1860 closed defect (bug) (worksforme)

Valid characters in Wordpress usernames cause issues in BuddyPress

Reported by: Zooney Owned by:
Milestone: 1.2.3 Priority: major
Severity: Version:
Component: Activity Keywords: usernames, special characters, characters
Cc: Zooney, louiechristie

Description

Usernames with "@" or "." characters appear to be perfectly valid as Wordpress usernames. However, when these characters appear in usernames, BuddyPress will exhibit odd behavior that appears to be centered around urls containing these usernames.

Versions:
Wordpress 2.8.6
BuddyPress 1.1.3

Steps to reproduce:

  1. Create a user in Wordpress Mu with the username "smith.1"
  2. Log in as user "smith.1"
  3. Click on "My Account", the "smith.1" link next to the log out link, or any link which should take you to that accounts profile
  4. You will be redirected to the BuddyPress home page

Notes:
I've noted in experiments running on localhost, URIs created by BuddyPress for user "smith.1" are re-written as "smith-1"

Placing an "@" symbol in the username causes a similar issue although this character simply seems to be omitted from any generated URIs

On a server running CentOS, I don't seem to be getting the same issue with altered URIs noted above, but I get similar, peculiar redirects to the BuddyPress homepage while performing various tasks

These issues do not occur for usernames which are composed simply of alphanumeric characters

Attachments (1)

smithdot1.jpg (78.4 KB) - added by Zooney 8 years ago.
Shows one example of affected link (note link text at bottom left of image)

Download all attachments as: .zip

Change History (21)

#1 @DJPaul
8 years ago

  • Resolution set to invalid
  • Status changed from new to closed

You need to set the following in your wp-config.php:

define( 'BP_ENABLE_USERNAME_COMPATIBILITY_MODE', true );

#2 @Zooney
8 years ago

  • Cc Zooney added
  • Resolution invalid deleted
  • Status changed from closed to reopened

Enabling the BP_ENABLE_USERNAME_COMPATIBILITY_MODE option in wp-config.php resolved a few of these issues, but other links are still unaffected.

For instance, a user named smith.1 still has "smith-1" URIs appearing for links in the user's profile such as:

  • Avatar Image
  • Activity
  • Profile
  • Blogs
  • Wire
  • Messages
  • Friends
  • Groups
  • Settings

My Profile

  • Public
  • Edit Profile
  • Change Avatar

Also, when a user is visiting another user's profile, links in the second column such as:

  • Activity
  • Profile
  • Blogs
  • Wire
  • Friends
  • Groups

...are still being created with the "smith-1" URI.

Similarly, for these links, "@" characters are still being omitted.

@Zooney
8 years ago

Shows one example of affected link (note link text at bottom left of image)

#3 @Zooney
8 years ago

Note "Avatar Image" is not an affected link, this text simply carried over from a direct cut-and-paste of the interface.

#4 follow-up: @apeatling
8 years ago

  • Resolution set to worksforme
  • Status changed from reopened to closed

Please try this in 1.2-rc2 since this has all changed so much.

#5 in reply to: ↑ 4 @louiechristie
8 years ago

  • Resolution worksforme deleted
  • Status changed from closed to reopened

Bug still present in 1.2-rc2

#6 @apeatling
8 years ago

  • Resolution set to invalid
  • Status changed from reopened to closed

Do these links actually work though? Even with the compatibility mode setting, the links will still use dashes in the URL since dots are illegal in URLs and may break for some people. Please reopen this bug if the links don't actually work.

#7 @apeatling
8 years ago

I can't do the above because then values are not overwritten using bp_forums_bbpress_write(). A simple addslashes() call on the keys seemed to fix things without any issues.

#8 @apeatling
8 years ago

Wrong bug, ignore the last comment. :)

#9 @louiechristie
8 years ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

I've tested and with username smith.1 links such as My Account->Profile do not work in the following scenarios:

#10 @louiechristie
8 years ago

  • Cc louiechristie added

#11 @apeatling
8 years ago

Ok, thanks for the confirmation I'll do a run through and fix up links that are not working.

#12 @apeatling
8 years ago

I've just added a user with the username andy.peatling into the database. I've added the BP_ENABLE_USERNAME_COMPATIBILITY_MODE line to my wp-config.php and checked all the links. I can't find a single broken link, they all contain the correct andy.peatling URL.

Have you added the BP_ENABLE_USERNAME_COMPATIBILITY_MODE setting above the "stop editing" line in your wp-config.php?

#13 @apeatling
8 years ago

  • Resolution set to worksforme
  • Status changed from reopened to closed

Reopen if you still have the problem, but I can't do anything until it can be reproduced.

#14 follow-up: @Zooney
8 years ago

It seems that adding the define statement above the "stop editing" line has resolved the issue... ...heh... heh, heh... d'oh.

Although there still seems to be a nagging issue where the "Create a group" link, and attempting to post to one's own wire when the account name contains an "@" symbol. This is a separate issue and I'll post a new report.

#15 in reply to: ↑ 14 @Zooney
8 years ago

Replying to Zooney:

Although there still seems to be a nagging issue where the "Create a group" link, and attempting to post to one's own wire when the account name contains an "@" symbol. This is a separate issue and I'll post a new report.

...this should have read:

Although there still seems to be a nagging issue where the "Create a group" link, and attempting to post to one's own wire when the account name contains an "@" symbol redirects the user to the BuddyPress home page.

#16 @louiechristie
8 years ago

Yep, moving BP_ENABLE_USERNAME_COMPATIBILITY_MODE from the end of wp-config.php to above /* That's all, stop editing! Happy blogging. */ worked for me too.

Thanks.

#17 follow-up: @timnicholson
8 years ago

  • Resolution worksforme deleted
  • Status changed from closed to reopened

Setting BP_ENABLE_USERNAME_COMPATIBILITY_MODE does not fix all the issues in BP v1.2.1 member profile URL's. While it does change the URL's in the member directory and the URL's that are linked to that member's avatar, it does NOT change the URL's for the user that display in the activity stream (blue box by default). For some reason the URL in the activity stream uses the display name (or what BP calls the fullname, but its kept in sync with the WP display_name field).

Further, the BP logic to catch the URL and display the member page makes a very bad assumption that the user's name (nicename by default unless BP_ENABLE_USERNAME_COMPATIBILITY_MODE is set) is exactly the same as their user login. While defining this variable does fix that issue by forcing BP to use the login name, in the default configuration its a problem.

Also, the BP catch logic makes the very bad assumption that there will be no spaces orther unusual characters in the user's nicename. Again defining the compatibility mode variable eliminates this issue, but its an easy fix using urldecode() before looking up the user name.

Let's face it, people set their nicename to what they want displayed and we shouldn't have to force BP to use their often times ugly login names.

I have fixed these last two issues with some help in the forums and some experimentation, but I can't for the life of me figure out why the user profile links in the activity stream are still using the display name.

Here is my code. If this gets rolled into core, you'll want to also fix the scenario where BP_ENABLE_ROOT_PROFILES is set as I didn't bother handling that.

In the function bp_core_set_uri_globals() in /bp-core/bp-core-catchuri.php replace the code around the member profile URL's with this. Deleted lines are commented out with DEL and added line have ADD at the end of them. The other lines are untouched.

/* Catch a member page and set the current member ID */
if ( !defined( 'BP_ENABLE_ROOT_PROFILES' ) ) {

if ( ( $bp_uri[0] == BP_MEMBERS_SLUG && !empty( $bp_uri[1] ) )
in_array( 'wp-load.php', $bp_uri ) ) {

We are within a member page, set up user id globals

DEL $displayed_user_id = bp_core_get_displayed_userid( $bp_uri[1] );
if ( defined( 'BP_ENABLE_USERNAME_COMPATIBILITY_MODE' ) ) {
ADD

$displayed_user_id = bp_core_get_displayed_userid( urldecode($bp_uri[1]) );

} else { ADD

$user_temp = get_user_by('slug', urldecode($bp_uri[1]) ); ADD
$displayed_user_id = $user_temp->ID;
ADD

} ADD

unset($bp_uri[0]);
unset($bp_uri[1]);

#18 @cnorris23
8 years ago

  • Milestone changed from 1.2 to 1.2.3

#19 in reply to: ↑ 17 @nuprn1
8 years ago

  • Component set to Activity

Replying to timnicholson:

Here is what i did to get around the user_nicename issue
http://blog.etiviti.com/2010/02/forcing-buddypress-to-use-user_nicename-for-member-urls-and-mentions/

(though outdated for 1.2.1 and higher)

#20 @cnorris23
8 years ago

  • Resolution set to worksforme
  • Status changed from reopened to closed

This has been fixed as of BP 1.2.1... somewhat. It's not a retroactive fix (it won't fix current users with non-alpha-numeric characters), but I will prevent this issue from happening with future user registrations.

Usernames with "@" or "." characters appear to be perfectly valid as Wordpress usernames.

Usernames containing these characters weren't actually valid WP usernames. While they may have worked for login purposes, had you signed up through WP instead of BP, you would have been denied. Revision [2752] of BP (ended up being part of BP 1.2.1) switched to using a WP function to validate usernames. This function only allows alpha-numeric characters.

For those who have users experiencing this issue, might I suggest you offer to change their username to a valid username, or even allow them to pick a completely new username. User activity on both WP and BP is tied to a user ID, so changing their user name should only minimally affect them.

Note: See TracTickets for help on using tickets.