Fix user validation feedback. Props sivel. fixes #13162

ryanboren · ryanboren · commit 56e95f24c5af · 2010-05-03T23:46:42.000Z
git-svn-id: https://develop.svn.wordpress.org/trunk@14428 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
@@ -158,8 +158,8 @@ function edit_user( $user_id = 0 ) {
 	if ( !empty( $pass1 ) )
 		$user->user_pass = $pass1;
 
-	if ( !$update && !validate_username( $user->user_login ) )
-		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid. Please enter a valid username.' ));
+	if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
+		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
 
 	if ( !$update && username_exists( $user->user_login ) )
 		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
@@ -735,19 +735,20 @@ function sanitize_file_name( $filename ) {
  */
 function sanitize_user( $username, $strict = false ) {
 	$raw_username = $username;
-	$username = wp_strip_all_tags($username);
+	$username = wp_strip_all_tags( $username );
+	$username = remove_accents( $username );
 	// Kill octets
-	$username = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $username);
-	$username = preg_replace('/&.+?;/', '', $username); // Kill entities
+	$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
+	$username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
 
 	// If strict, reduce to ASCII for max portability.
 	if ( $strict )
-		$username = preg_replace('|[^a-z0-9 _.\-@]|i', '', $username);
+		$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
 
 	// Consolidate contiguous whitespace
-	$username = preg_replace('|\s+|', ' ', $username);
+	$username = preg_replace( '|\s+|', ' ', $username );
 
-	return apply_filters('sanitize_user', $username, $raw_username, $strict);
+	return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
 }
 
 /**
diff --git a/wp-login.php b/wp-login.php
@@ -268,47 +268,49 @@ function reset_password($key, $login) {
  * @param string $user_email User's email address to send password and add
  * @return int|WP_Error Either user's ID or error on failure.
  */
-function register_new_user($user_login, $user_email) {
+function register_new_user( $user_login, $user_email ) {
 	$errors = new WP_Error();
 
-	$user_login = sanitize_user( $user_login );
+	$sanitized_user_login = sanitize_user( $user_login );
 	$user_email = apply_filters( 'user_registration_email', $user_email );
 
 	// Check the username
-	if ( $user_login == '' )
-		$errors->add('empty_username', __('<strong>ERROR</strong>: Please enter a username.'));
-	elseif ( !validate_username( $user_login ) ) {
-		$errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.'));
-		$user_login = '';
-	} elseif ( username_exists( $user_login ) )
-		$errors->add('username_exists', __('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
+	if ( $sanitized_user_login == '' ) {
+		$errors->add( 'empty_username', __( '<strong>ERROR</strong>: Please enter a username.' ) );
+	} elseif ( ! validate_username( $user_login ) ) {
+		$errors->add( 'invalid_username', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
+		$sanitized_user_login = '';
+	} elseif ( username_exists( $sanitized_user_login ) ) {
+		$errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered, please choose another one.' ) );
+	}
 
 	// Check the e-mail address
-	if ($user_email == '') {
-		$errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.'));
-	} elseif ( !is_email( $user_email ) ) {
-		$errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
+	if ( $user_email == '' ) {
+		$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your e-mail address.' ) );
+	} elseif ( ! is_email( $user_email ) ) {
+		$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ) );
 		$user_email = '';
-	} elseif ( email_exists( $user_email ) )
-		$errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'));
+	} elseif ( email_exists( $user_email ) ) {
+		$errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
+	}
 
-	do_action('register_post', $user_login, $user_email, $errors);
+	do_action( 'register_post', $sanitized_user_login, $user_email, $errors );
 
-	$errors = apply_filters( 'registration_errors', $errors, $user_login, $user_email );
+	$errors = apply_filters( 'registration_errors', $errors, $sanitized_user_login, $user_email );
 
 	if ( $errors->get_error_code() )
 		return $errors;
 
 	$user_pass = wp_generate_password();
-	$user_id = wp_create_user( $user_login, $user_pass, $user_email );
-	if ( !$user_id ) {
-		$errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email')));
+	$user_id = wp_create_user( $sanitized_user_login, $user_pass, $user_email );
+	if ( ! $user_id ) {
+		$errors->add( 'registerfail', sprintf( __( '<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !' ), get_option( 'admin_email' ) ) );
 		return $errors;
 	}
 
-	update_user_option($user_id, 'default_password_nag', true, true); //Set up the Password change nag.
+	update_user_option( $user_id, 'default_password_nag', true, true ); //Set up the Password change nag.
 
-	wp_new_user_notification($user_id, $user_pass);
+	wp_new_user_notification( $user_id, $user_pass );
 
 	return $user_id;
 }
