Opened 10 years ago
Last modified 10 years ago
#6076 new defect (bug)
Name or other required profile fields can be whitespace
Reported by: | justinph | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Contributions | Priority: | normal |
Severity: | normal | Version: | 2.1 |
Component: | Extended Profile | Keywords: | needs-patch |
Cc: |
Description
When registering, a user can enter a single or multiple space characters into the Name field (note: not username).
While technically a space is a character, entries that are simply whitespace should probably not be allowed for any required profile field.
Once registered, users with spaces or null characters are difficult to sort in the users listing inside WordPress.
Attachments (2)
Change History (9)
#1
@
10 years ago
- Summary changed from Usernames can be a space to Name or other required profile fields can be whitespace
#3
@
10 years ago
This fails in php < 5.5. I just learned the hard way, empty() is a language construct (see: http://stackoverflow.com/a/2173318) and you can't pass it the result of a function prior to 5.5, it can only operate on a variable.
The new patch works and should be more compatible with earlier versions of php.
#4
@
10 years ago
Hi walbo, justinph; thank you for reporting the issue and working on a patch.
I can confirm the issue, and agree that whitespace-like characters probably shouldn't be accepted in a required field. :)
What we need to do next is test old versions of BuddyPress and see if this behaviour has always been the same, or if we broke something in a specific version of BuddyPress. Knowing this will inform us of how much consequence this kind of change might have or not.
(If I had to guess, I'd suspect I broke something in the 2.0 release when I re-wrote profile fields to use a new BP_XProfile_Field_Type
class.) :)
#5
@
10 years ago
- Component changed from Core to XProfile
- Milestone changed from Awaiting Review to Future Release
#6
@
10 years ago
- Keywords needs-patch added; has-patch removed
The patch addresses the validation logic done in the user registration process, but also needs to handle the edit profile field save handler. (This logic being duplicated is annoying and is a legacy issue that no-one's gotten around to consolidating yet.)
#7
@
10 years ago
agree that whitespace-like characters probably shouldn't be accepted in a required field
Just to clarify: we shouldn't allow values that consist of *nothing but* whitespace characters. We should, of course, continue to allow spaces.
Trimming the value of the $_POST
payload before saving seems fine to me.
Trim whitespace in required profile field