From c77de6f9410be6b69d39f9f613f2588e5bc7d7cc Mon Sep 17 00:00:00 2001 From: westi Date: Mon, 21 Dec 2009 15:25:00 +0000 Subject: [PATCH] Add stricter checks to wp_insert_user() to ensure we don't create a user with an empty user_login but return a WP_Error instead. Fixes #11548. git-svn-id: http://svn.automattic.com/wordpress/trunk@12468 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/registration.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/wp-includes/registration.php b/wp-includes/registration.php index 6148bb67e..cb76c0914 100644 --- a/wp-includes/registration.php +++ b/wp-includes/registration.php @@ -98,7 +98,7 @@ function validate_username( $username ) { * @uses do_action() Calls 'user_register' hook when creating a new user giving the user's ID * * @param array $userdata An array of user data. - * @return int The newly created user's ID. + * @return int|WP_Error The newly created user's ID or a WP_Error object if the user could not be created. */ function wp_insert_user($userdata) { global $wpdb; @@ -118,7 +118,14 @@ function wp_insert_user($userdata) { $user_login = sanitize_user($user_login, true); $user_login = apply_filters('pre_user_login', $user_login); - + + //Remove any non-printable chars from the login string to see if we have ended up with an empty username + $user_login = trim($user_login); + + if ( empty($user_login) ) { + return new WP_Error('empty_user_login', __('Cannot create a user with an empty login name.') ); + } + if ( empty($user_nicename) ) $user_nicename = sanitize_title( $user_login ); $user_nicename = apply_filters('pre_user_nicename', $user_nicename);