Skip to:
Content

BuddyPress.org

Opened 5 years ago

Last modified 14 months ago

#6144 assigned defect (bug)

Registering an account with a login containing a space

Reported by: imath Owned by: r-a-y
Milestone: Awaiting Contributions Priority: normal
Severity: normal Version: 2.0
Component: Members Keywords: needs-patch
Cc:

Description

If i choose "un espace" as my login in the registration form, my account is created with the login "unespace". As a result when i try to connect with the login i registered, i got "Invalid username"

I need to investigate to see if it was possible to register with such a login before 2.0 (when we change the signup process).

We should at least throw an error before, stop the user creation process and request the user to provide another login.

Attachments (1)

6144.patch (6.1 KB) - added by imath 5 years ago.

Download all attachments as: .zip

Change History (13)

#1 follow-up: @boonebgorges
5 years ago

Please be sure to look through the changelogs before going too far down the rabbithole. In a recent version, we removed much of BP's sanitization of user_login, depending instead on WP's rules. Much ink has been spilled on the reasoning behind it (though I've lost track of the ticket number), and catching up on that conversation will help to inform a good decision here. (I agree that we should probably be throwing an error, fwiw.)

#2 in reply to: ↑ 1 @imath
5 years ago

Replying to boonebgorges:

Please be sure to look through the changelogs before going too far down the rabbit hole.

Thanks for the info :)

#3 @imath
5 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 2.2
  • Version set to 2.0

Actually i've introduced this :( see r8119 the changes in bp-members-functions.php at line 1413 to 1416.

This part should be in the bp_core_validate_user_signup() as it reproduces much of the logic of wpmu_validate_user_signup().

I also think we should have the same way of validating a new user if done in the add-new administration screen or in the registration page (for non multisite configs only, as WordPress is managing it for multisite).

So I'm suggesting 6144.patch & I think we should consider fixing this for 2.2.

@imath
5 years ago

#4 follow-up: @boonebgorges
5 years ago

  • Milestone changed from 2.2 to 2.3

Thanks for looking into it, imath. I'm not sure I totally understand, though. How does this relate to [7570]? The point there was that we *should* allow usernames with spaces. It seems to me that the problem here is that we're silently removing the space, and the solution is to stop doing that, rather than refusing to accept a user_login with a space. See #5185.

I don't feel comfortable moving quickly on this one, and it doesn't appear to be a regression in 2.1 or 2.2, so let's try to fix it one way or another for 2.3.

#5 in reply to: ↑ 4 @imath
5 years ago

Replying to boonebgorges:

and the solution is to stop doing that

You surely right. I just don't feel comfortable having 2 different ways of sanitizing a user_login depending if i'm on multisite or not, since we are now using the signup table whatever the config is.

i guess multisite needs to avoid spaces/weird chars in the urls.

#6 @boonebgorges
5 years ago

  • Keywords needs-patch added; has-patch removed

I just don't feel comfortable having 2 different ways of sanitizing a user_login depending if i'm on multisite or not, since we are now using the signup table whatever the config is.

I don't feel great about it either, but the place to solve that problem is https://core.trac.wordpress.org/ticket/17904 :)

#7 @imath
5 years ago

Thanks a lot, just subscribed to the ticket, i like the idea of the suggested function wp_validate_user_login() ;)

#8 @DJPaul
5 years ago

  • Milestone changed from 2.3 to Future Release

#9 @r-a-y
20 months ago

  • Milestone changed from Awaiting Contributions to Up Next

Marked #7767 as a duplicate.

We should do something about this in the next few releases.

#10 @ravipatel
20 months ago

  • Milestone changed from Up Next to 2.9.5

@r-a-y #7767 in all ready provide a solutions & issue please fix as soon as in next version.
Please review and given a valid feedback if need any changes.

#11 @DJPaul
20 months ago

  • Milestone changed from 2.9.5 to Up Next
  • Owner set to r-a-y
  • Status changed from new to assigned

Do not modify the Milestone field. Thank you.

#12 @DJPaul
14 months ago

  • Milestone changed from Up Next to Awaiting Contributions
Note: See TracTickets for help on using tickets.