Opened 10 years ago
Last modified 6 years ago
#6144 assigned defect (bug)
Registering an account with a login containing a space
Reported by: | imath | Owned by: | r-a-y |
---|---|---|---|
Milestone: | Awaiting Contributions | Priority: | normal |
Severity: | normal | Version: | 2.0 |
Component: | Members | Keywords: | needs-patch |
Cc: |
Description
If i choose "un espace" as my login in the registration form, my account is created with the login "unespace". As a result when i try to connect with the login i registered, i got "Invalid username"
I need to investigate to see if it was possible to register with such a login before 2.0 (when we change the signup process).
We should at least throw an error before, stop the user creation process and request the user to provide another login.
Attachments (1)
Change History (13)
#2
in reply to:
↑ 1
@
10 years ago
Replying to boonebgorges:
Please be sure to look through the changelogs before going too far down the rabbit hole.
Thanks for the info :)
#3
@
10 years ago
- Keywords has-patch added
- Milestone changed from Awaiting Review to 2.2
- Version set to 2.0
Actually i've introduced this :( see r8119 the changes in bp-members-functions.php at line 1413 to 1416.
This part should be in the bp_core_validate_user_signup()
as it reproduces much of the logic of wpmu_validate_user_signup()
.
I also think we should have the same way of validating a new user if done in the add-new administration screen or in the registration page (for non multisite configs only, as WordPress is managing it for multisite).
So I'm suggesting 6144.patch & I think we should consider fixing this for 2.2.
#4
follow-up:
↓ 5
@
10 years ago
- Milestone changed from 2.2 to 2.3
Thanks for looking into it, imath. I'm not sure I totally understand, though. How does this relate to [7570]? The point there was that we *should* allow usernames with spaces. It seems to me that the problem here is that we're silently removing the space, and the solution is to stop doing that, rather than refusing to accept a user_login with a space. See #5185.
I don't feel comfortable moving quickly on this one, and it doesn't appear to be a regression in 2.1 or 2.2, so let's try to fix it one way or another for 2.3.
#5
in reply to:
↑ 4
@
10 years ago
Replying to boonebgorges:
and the solution is to stop doing that
You surely right. I just don't feel comfortable having 2 different ways of sanitizing a user_login depending if i'm on multisite or not, since we are now using the signup table whatever the config is.
i guess multisite needs to avoid spaces/weird chars in the urls.
#6
@
10 years ago
- Keywords needs-patch added; has-patch removed
I just don't feel comfortable having 2 different ways of sanitizing a user_login depending if i'm on multisite or not, since we are now using the signup table whatever the config is.
I don't feel great about it either, but the place to solve that problem is https://core.trac.wordpress.org/ticket/17904 :)
#7
@
10 years ago
Thanks a lot, just subscribed to the ticket, i like the idea of the suggested function wp_validate_user_login()
;)
#9
@
7 years ago
- Milestone changed from Awaiting Contributions to Up Next
Marked #7767 as a duplicate.
We should do something about this in the next few releases.
#10
@
7 years ago
- Milestone changed from Up Next to 2.9.5
@r-a-y #7767 in all ready provide a solutions & issue please fix as soon as in next version.
Please review and given a valid feedback if need any changes.
Please be sure to look through the changelogs before going too far down the rabbithole. In a recent version, we removed much of BP's sanitization of user_login, depending instead on WP's rules. Much ink has been spilled on the reasoning behind it (though I've lost track of the ticket number), and catching up on that conversation will help to inform a good decision here. (I agree that we should probably be throwing an error, fwiw.)