BuddyPress.org

Opened 8 years ago

Closed 20 months ago

#3407 closed enhancement (maybelater)

Limit the length of display names

Reported by: r-a-y
Owned by:
Milestone:
Priority: normal
Severity: minor
Version: 1.2
Component: Core
Keywords: needs-patch, trac-tidy-2018
Cc:

Description

Example:
http://testbp.org/members/shouji/#activity-105691

Highly unlikely a legitimate user will abuse this, but anyway a simple strlen check should do the trick.

Change History (10)

#1 @DJPaul
8 years ago

  • Milestone changed from Awaiting Review to Future Release

#2 @r-a-y
7 years ago

  • Keywords close added

If you view the example above, I still think this is a good reason why we should consider this for core.

However, if we limit display names, we should limit username length and since user registration falls under WordPress jurisdiction, I'm reluctant to add this.

So based on that, I'd be partial to this being a plugin instead of core. Adding the "close" keyword, but feel free to really close it!

#3 @boonebgorges
7 years ago

  • Keywords needs-patch added; close removed

> However, if we limit display names, we should limit username length

I don't know about this. BP display names are clearly under BP jurisdiction, and if we can prevent one vector of attack, I think we should go ahead and do so. (Note that the user_login and user_nicename for the testbp.org spammer above aren't long anyway.) So I tend to agree with your initial assessment that we can do a lot of good by doing this check in BP core.

Two concerns:

  • Our length check should be multibyte-friendly for non-Latin languages
  • We should not hardcode the upper limit - at the very least, we should have a filter on it
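
The two concerns in comment 3, sketched as an added example (not part of the ticket and not BuddyPress code): a character-based length check whose limit passes through a filter. The function names, the `example_display_name_max_length` filter name and the default of 50 are assumptions made for illustration; the sample names are constructed.

```php
<?php
/**
 * Maximum display name length, in characters.
 * Inside WordPress the default goes through a filter so a site can change it;
 * when run stand-alone from the CLI the default is used as-is.
 */
function example_display_name_max_length() {
    $default = 50; // Assumed default; the ticket does not propose a value.
    if ( function_exists( 'apply_filters' ) ) {
        // Hypothetical filter name.
        return (int) apply_filters( 'example_display_name_max_length', $default );
    }
    return $default;
}

/**
 * Count characters rather than bytes (needs the mbstring extension),
 * so names in non-Latin scripts are not rejected early.
 */
function example_display_name_length( $name ) {
    return mb_strlen( trim( (string) $name ), 'UTF-8' );
}

function example_display_name_is_too_long( $name ) {
    return example_display_name_length( $name ) > example_display_name_max_length();
}

// Constructed sample input.
$samples = array(
    'Latin, 20 chars'    => str_repeat( 'a', 20 ),
    'Japanese, 20 chars' => str_repeat( 'あ', 20 ), // 3 bytes per character in UTF-8
    'Padded, 400 chars'  => str_repeat( 'x', 400 ),
);

foreach ( $samples as $label => $name ) {
    printf(
        "%-20s bytes=%d chars=%d byte_check_rejects=%s char_check_rejects=%s\n",
        $label,
        strlen( $name ),
        example_display_name_length( $name ),
        strlen( $name ) > example_display_name_max_length() ? 'yes' : 'no',
        example_display_name_is_too_long( $name ) ? 'yes' : 'no'
    );
}
```

The Japanese sample is where a plain `strlen` check and the character-based check disagree. On a WordPress site, a callback registered with `add_filter()` on the hypothetical filter name would change the limit without editing the check.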

#4 @r-a-y
7 years ago

> I don't know about this. BP display names are clearly under BP jurisdiction, and if we can prevent one vector of attack, I think we should go ahead and do so.

True, but if we limit display name length on the registration page, then people will definitely ask why we're not doing the same for usernames.

#5 @boonebgorges
5 years ago

r-a-y, have the last 14 months given you any additional wise insights about this issue? :)

#6 follow-up: @r-a-y
5 years ago

  • Keywords dev-feedback added

See also #6367, which is about username length.

I still think that if we limit display name length, that we should also do the same for user_login / user_nicename.

Perhaps add a filter for length that is discussed in comment:3, but don't add a cap for upper limit. That way, devs can easily add their length requirements.

Last edited 5 years ago by r-a-y

#7 in reply to: ↑ 6 @boonebgorges
5 years ago

Replying to r-a-y:

> See also #6367, which is about username length.
>
> I still think that if we limit display name length, that we should also do the same for user_login / user_nicename.

Why? I don't understand the connection. Aside from the fact, mentioned above, that user_login/user_nicename are not BP's data, there's the additional fact that we hardly ever display login/nicename in the interface. The only place I can think of is the @-mention interface. Display names, on the other hand, are shown everywhere, and so can cause layout issues. Unless you have a reason for wanting to limit the length of login/nicename that is not related to page layout?

#8 @DJPaul
3 years ago

  • Keywords dev-feedback removed

I don't think we should limit these beyond making sure nothing goes amiss if MySQL truncates long values on INSERT/UPDATE. We sure as heck should not mess with anything in wp_users table.

#9 @DJPaul
20 months ago

  • Keywords trac-tidy-2018 added

We're closing this ticket because it has not received any contribution or comments for at least two years. We have decided that it is better to close tickets that are good ideas, which have not gotten (or are unlikely to get) contributions, rather than keep things open indefinitely. This will help us share a more realistic roadmap for BuddyPress with you.

Everyone very much appreciates the time and effort that you spent sharing your idea with us. On behalf of the entire BuddyPress team, thank you.

If you feel strongly that this enhancement should still be added to BuddyPress, and you are able to contribute effort towards it, we encourage you to re-open the ticket, or start a discussion about it in our Slack channel. Please consider that time has proven that good ideas without contributions do not get built.

For more information, see https://bpdevel.wordpress.com/2018/01/21/our-awaiting-contributions-milestone-contains/
or find us on Slack, in the #buddypress channel: https://make.wordpress.org/chat/

#10 @DJPaul
20 months ago

  • Milestone Awaiting Contributions deleted
  • Resolution set to maybelater
  • Status changed from new to closed