Skip to:
Content

BuddyPress.org

Opened 10 years ago

Last modified 10 years ago

#6076 new defect (bug)

Name or other required profile fields can be whitespace

Reported by: justinph's profile justinph Owned by:
Milestone: Awaiting Contributions Priority: normal
Severity: normal Version: 2.1
Component: Extended Profile Keywords: needs-patch
Cc:

Description

When registering, a user can enter a single or multiple space characters into the Name field (note: not username).

While technically a space is a character, entries that are simply whitespace should probably not be allowed for any required profile field.

Once registered, users with spaces or null characters are difficult to sort in the users listing inside WordPress.

Attachments (2)

6076.01.diff (632 bytes) - added by walbo 10 years ago.
Trim whitespace in required profile field
6076.02.diff (665 bytes) - added by justinph 10 years ago.
Make compat with php prior to 5.5.

Download all attachments as: .zip

Change History (9)

#1 @justinph
10 years ago

  • Summary changed from Usernames can be a space to Name or other required profile fields can be whitespace

@walbo
10 years ago

Trim whitespace in required profile field

#2 @walbo
10 years ago

  • Keywords has-patch added

@justinph
10 years ago

Make compat with php prior to 5.5.

#3 @justinph
10 years ago

This fails in php < 5.5. I just learned the hard way, empty() is a language construct (see: http://stackoverflow.com/a/2173318) and you can't pass it the result of a function prior to 5.5, it can only operate on a variable.

The new patch works and should be more compatible with earlier versions of php.

#4 @DJPaul
10 years ago

Hi walbo, justinph; thank you for reporting the issue and working on a patch.

I can confirm the issue, and agree that whitespace-like characters probably shouldn't be accepted in a required field. :)
What we need to do next is test old versions of BuddyPress and see if this behaviour has always been the same, or if we broke something in a specific version of BuddyPress. Knowing this will inform us of how much consequence this kind of change might have or not.

(If I had to guess, I'd suspect I broke something in the 2.0 release when I re-wrote profile fields to use a new BP_XProfile_Field_Type class.) :)

#5 @DJPaul
10 years ago

  • Component changed from Core to XProfile
  • Milestone changed from Awaiting Review to Future Release

#6 @DJPaul
10 years ago

  • Keywords needs-patch added; has-patch removed

The patch addresses the validation logic done in the user registration process, but also needs to handle the edit profile field save handler. (This logic being duplicated is annoying and is a legacy issue that no-one's gotten around to consolidating yet.)

#7 @boonebgorges
10 years ago

agree that whitespace-like characters probably shouldn't be accepted in a required field

Just to clarify: we shouldn't allow values that consist of *nothing but* whitespace characters. We should, of course, continue to allow spaces.

Trimming the value of the $_POST payload before saving seems fine to me.

Note: See TracTickets for help on using tickets.