Use 'invalid_username' error code when tripping 'illegal_user_logins'.

boonebgorges · boonebgorges · commit a1f89f4e86c9 · 2015-12-04T23:24:56.000Z
This gives us better compatibility with existing errors thrown by `sanitize_user()`, especially in Multisite, where user_login has more restrictions on allowed characters. Props markjaquith. Fixes #27317. git-svn-id: https://develop.svn.wordpress.org/trunk@35772 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-admin/includes/user.php b/src/wp-admin/includes/user.php
@@ -146,7 +146,7 @@ function edit_user( $user_id = 0 ) {
 	$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 
 	if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
-		$errors->add( 'illegal_user_login', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
+		$errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
 	}
 
 	/* checking email address */
diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
@@ -1331,7 +1331,7 @@ function wp_insert_user( $userdata ) {
 	$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 
 	if ( in_array( strtolower( $user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
-		return new WP_Error( 'illegal_user_login', __( 'Sorry, that username is not allowed.' ) );
+		return new WP_Error( 'invalid_username', __( 'Sorry, that username is not allowed.' ) );
 	}
 
 	/*
@@ -2124,6 +2124,13 @@ function register_new_user( $user_login, $user_email ) {
 		$sanitized_user_login = '';
 	} elseif ( username_exists( $sanitized_user_login ) ) {
 		$errors->add( 'username_exists', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
+
+	} else {
+		/** This filter is documented in wp-includes/user.php */
+		$illegal_user_logins = array_map( 'strtolower', (array) apply_filters( 'illegal_user_logins', array() ) );
+		if ( in_array( strtolower( $sanitized_user_login ), $illegal_user_logins ) ) {
+			$errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );
+		}
 	}
 
 	// Check the email address
diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php
@@ -622,7 +622,7 @@ function test_illegal_user_logins_single( $user_login ) {
 
 		$response = wp_insert_user( $user_data );
 		$this->assertInstanceOf( 'WP_Error', $response );
-		$this->assertEquals( 'illegal_user_login', $response->get_error_code() );
+		$this->assertEquals( 'invalid_username', $response->get_error_code() );
 
 		remove_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
 
@@ -631,6 +631,26 @@ function test_illegal_user_logins_single( $user_login ) {
 		$this->assertInstanceOf( 'WP_User', $user );
 	}
 
+	/**
+	 * @ticket 27317
+	 * @dataProvider _illegal_user_logins_data
+	 */
+	function test_illegal_user_logins_single_wp_create_user( $user_login ) {
+		$user_email = 'testuser-' . $user_login . '@example.com';
+
+		add_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
+
+		$response = register_new_user( $user_login, $user_email );
+		$this->assertInstanceOf( 'WP_Error', $response );
+		$this->assertEquals( 'invalid_username', $response->get_error_code() );
+
+		remove_filter( 'illegal_user_logins', array( $this, '_illegal_user_logins' ) );
+
+		$response = register_new_user( $user_login, $user_email );
+		$user = get_user_by( 'id', $response );
+		$this->assertInstanceOf( 'WP_User', $user );
+	}
+
 	/**
 	 * @ticket 27317
 	 */
@@ -658,10 +678,15 @@ function test_illegal_user_logins_multisite() {
 	}
 
 	function _illegal_user_logins_data() {
-		return array(
-			array( 'testuser' ),
-			array( 'TestUser' ),
+		$data = array(
+			array( 'testuser' )
 		);
+
+		// Multisite doesn't allow mixed case logins ever
+		if ( ! is_multisite() ) {
+			$data[] = array( 'TestUser' );
+		}
+		return $data;
 	}
 
 	function _illegal_user_logins() {

Original file line number	Diff line number	Diff line change
`@@ -146,7 +146,7 @@ function edit_user( $user_id = 0 ) {`
`146`	`146`	`$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );`
`147`	`147`
`148`	`148`	`if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {`
`149`		`- $errors->add( 'illegal_user_login', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );`
	`149`	`+ $errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );`
`150`	`150`	`}`
`151`	`151`
`152`	`152`	`/* checking email address */`