From 0e152503cb62e56f6f8eaadfec15ca5dfe7621b1 Mon Sep 17 00:00:00 2001
From: nacin
Date: Wed, 28 Apr 2010 02:20:32 +0000
Subject: [PATCH] Poka yoke for username sanitization during install. see #13159.

git-svn-id: http://svn.automattic.com/wordpress/trunk@14265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/install.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wp-admin/install.php b/wp-admin/install.php
index 93a914807..4eeb6aff5 100644
--- a/wp-admin/install.php
+++ b/wp-admin/install.php
@@ -193,6 +193,9 @@ switch($step) {
 // TODO: poka-yoke
 display_setup_form( __('you must provide a valid username.') );
 $error = true;
+ } elseif ( $user_name != sanitize_user( $user_name, true ) ) {
+ display_setup_form( __('the username you provided has invalid characters.') );
+ $error = true;
 } elseif ( $admin_password != $admin_password_check ) {
 // TODO: poka-yoke
 display_setup_form( __( 'your passwords do not match. Please try again' ) );
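Review bot: The added `elseif` compares `$user_name` with `sanitize_user( $user_name, true )` using loose `!=`, so when both sides look numeric PHP compares them as numbers and the branch can be skipped even though sanitization changed the string. A strict comparison closes that gap: `} elseif ( $user_name !== sanitize_user( $user_name, true ) ) {`. The hunk does not show how `$user_name` is read from the request or what is passed on after this chain, so it is worth confirming that the value stored for the account is the one checked here rather than a separately re-sanitized one. The enclosing `switch($step)` case and the `if` chain both start and end outside the hunk.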