Opened 13 years ago
Closed 7 years ago
#3407 closed enhancement (maybelater)
Limit the length of display names
Reported by: | r-a-y | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | minor | Version: | 1.2 |
Component: | Core | Keywords: | needs-patch, trac-tidy-2018 |
Cc: |
Description
Example:
http://testbp.org/members/shouji/#activity-105691
Highly unlikely a legitimate user will abuse this, but anyway a simple strlen check should do the trick.
Change History (10)
#3
@
12 years ago
- Keywords needs-patch added; close removed
However, if we limit display names, we should limit username length
I don't know about this. BP display names are clearly under BP jurisdiction, and if we can prevent one vector of attack, I think we should go ahead and do so. (Note that the user_login and user_nicename for the testbp.org spammer above isn't long anyway.) So I tend to agree with your initial assessment that we can do a lot of good by doing this check in BP core.
Two concerns:
- Our length check should be multibyte-friendly for non-latin languages
- We should not hardcode the upper limit - at the very least, we should have a filter on it
#4
@
12 years ago
I don't know about this. BP display names are clearly under BP jurisdiction, and if we can prevent one vector of attack, I think we should go ahead and do so.
True, but if we limit display name length on the registration page, then people will definitely ask why we're not doing the same for usernames.
#5
@
10 years ago
r-a-y, have the last 14 months given you any additional wise insights about this issue? :)
#6
follow-up:
↓ 7
@
10 years ago
- Keywords dev-feedback added
See also #6367, which is about username length.
I still think that if we limit display name length, that we should also do the same for user_login / user_nicename.
Perhaps add a filter for length that is discussed in comment:3, but don't add a cap for upper limit. That way, devs can easily add their length requirements.
#7
in reply to:
↑ 6
@
10 years ago
Replying to r-a-y:
See also #6367, which is about username length.
I still think that if we limit display name length, that we should also do the same for user_login / user_nicename.
Why? I don't understand the connection. Aside from the fact, mentioned above, that user_login/user_nicename are not BP's data, there's the additional fact that we hardly ever display login/nicename in the interface. The only place I can think of is the @-mention interface. Display names, on the other hand, are shown everywhere, and so can cause layout issues. Unless you have a reason for wanting to limit the length of login/nicename that is not related to page layout?
#8
@
8 years ago
- Keywords dev-feedback removed
I don't think we should limit these beyond making sure nothing goes amiss if MySQL truncates long values on INSERT/UPDATE. We sure as heck should not mess with anything in wp_users table.
#9
@
7 years ago
- Keywords trac-tidy-2018 added
We're closing this ticket because it has not received any contribution or comments for at least two years. We have decided that it is better to close tickets that are good ideas, which have not gotten (or are unlikely to get) contributions, rather than keep things open indefinitely. This will help us share a more realistic roadmap for BuddyPress with you.
Everyone very much appreciates the time and effort that you spent sharing your idea with us. On behalf of the entire BuddyPress team, thank you.
If you feel strongly that this enhancement should still be added to BuddyPress, and you are able to contribute effort towards it, we encourage you to re-open the ticket, or start a discussion about it in our Slack channel. Please consider that time has proven that good ideas without contributions do not get built.
For more information, see https://bpdevel.wordpress.com/2018/01/21/our-awaiting-contributions-milestone-contains/
or find us on Slack, in the #buddypress channel: https://make.wordpress.org/chat/
If you view the example above, I still think this is a good reason why we should consider this for core.
However, if we limit display names, we should limit username length and since user registration falls under WordPress jurisdiction, I'm reluctant to add this.
So based on that, I'd partial to this being a plugin instead of core. Adding the "close" keyword, but feel free to really close it!