diff --git a/src/wp-admin/network/user-new.php b/src/wp-admin/network/user-new.php
index 52e4d9fa7e..4b330c0819 100644
--- a/src/wp-admin/network/user-new.php
+++ b/src/wp-admin/network/user-new.php
@@ -89,7 +89,7 @@ if ( isset( $add_user_errors ) && is_wp_error( $add_user_errors ) ) { ?>
| - | + | |||
|---|---|---|---|---|
| diff --git a/src/wp-admin/user-new.php b/src/wp-admin/user-new.php
index 67da518f6e..83cb90e0d1 100644
--- a/src/wp-admin/user-new.php
+++ b/src/wp-admin/user-new.php
@@ -375,7 +375,7 @@ $new_user_ignore_pass = $creating && isset( $_POST['noconfirmation'] ) ? wp_unsl |
| - | + | |
|---|---|---|
| diff --git a/src/wp-includes/user-functions.php b/src/wp-includes/user-functions.php
index e1b933e6cf..19f564344d 100644
--- a/src/wp-includes/user-functions.php
+++ b/src/wp-includes/user-functions.php
@@ -1245,19 +1245,28 @@ function wp_insert_user( $userdata ) {
 //Remove any non-printable chars from the login string to see if we have ended up with an empty username
 $user_login = trim( $pre_user_login );
+ // user_login must be between 0 and 60 characters.
 if ( empty( $user_login ) ) {
 return new WP_Error('empty_user_login', __('Cannot create a user with an empty login name.') );
+ } elseif ( mb_strlen( $user_login ) > 60 ) {
+ return new WP_Error( 'user_login_too_long', __( 'Username may not be longer than 60 characters.' ) );
 }
+
 if ( ! $update && username_exists( $user_login ) ) {
 return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
 }
- // If a nicename is provided, remove unsafe user characters before
- // using it. Otherwise build a nicename from the user_login.
+ /*
+ * If a nicename is provided, remove unsafe user characters before using it.
+ * Otherwise build a nicename from the user_login.
+ */
 if ( ! empty( $userdata['user_nicename'] ) ) {
 $user_nicename = sanitize_user( $userdata['user_nicename'], true );
+ if ( mb_strlen( $user_nicename ) > 50 ) {
+ return new WP_Error( 'user_nicename_too_long', __( 'Nicename may not be longer than 50 characters.' ) );
+ }
 } else {
- $user_nicename = $user_login;
+ $user_nicename = mb_substr( $user_login, 0, 50 );
 }
 $user_nicename = sanitize_title( $user_nicename );
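Review bot: The 50-character nicename limit is applied before `sanitize_title( $user_nicename )` runs, both in the explicit branch (`mb_strlen( $user_nicename ) > 50`) and in the fallback (`mb_substr( $user_login, 0, 50 )`), so the value that was measured is not the value that ends up stored. If `sanitize_title()` or a later filter lengthens the string (percent-encoding of multibyte characters would do that), the result can still exceed the 50-character field and, depending on the SQL mode, be truncated silently by the database, which appears to be the collision this change is meant to prevent. Consider moving `if ( mb_strlen( $user_nicename ) > 50 ) { return new WP_Error( 'user_nicename_too_long', ... ); }` to after the `sanitize_title()` call and applying the fallback truncation to the sanitized value as well. The added comment `// user_login must be between 0 and 60 characters.` would read more accurately as `between 1 and 60`, since the empty login is rejected on the next line. wp_insert_user() starts before and continues after this hunk.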
@@ -1395,7 +1404,9 @@ function wp_insert_user( $userdata ) {
 if ( $user_nicename_check ) {
 $suffix = 2;
 while ($user_nicename_check) {
- $alt_user_nicename = $user_nicename . "-$suffix";
+ // user_nicename allows 50 chars. Subtract one for a hyphen, plus the length of the suffix.
+ $base_length = 49 - mb_strlen( $suffix );
+ $alt_user_nicename = mb_substr( $user_nicename, 0, $base_length ) . "-$suffix";
 $user_nicename_check = $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->users WHERE user_nicename = %s AND user_login != %s LIMIT 1" , $alt_user_nicename, $user_login));
 $suffix++;
 }
diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php
index 4dc281cb44..9a3b9ab017 100644
--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
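Review bot: In the suffix loop of wp_insert_user() (src/wp-includes/user-functions.php), `mb_strlen( $suffix )` is handed the integer counter and relies on implicit int-to-string conversion; the suffix is only ASCII digits, so `$base_length = 49 - strlen( (string) $suffix );` states the intent directly. Separately, `mb_substr( $user_nicename, 0, $base_length )` cuts a value that, judging by the earlier hunk, has already been through `sanitize_title()`; if that value can contain percent-encoded octets, the cut may land inside a `%xx` sequence and leave a malformed nicename, which would be worth a guard or at least a comment. The loop and the enclosing function both extend outside this hunk.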
@@ -574,6 +574,97 @@ class Tests_User extends WP_UnitTestCase {
 $this->assertSame( $user->user_nicename, $updated_user->user_nicename );
 }
+ /**
+ * @ticket 33793
+ */
+ public function test_wp_insert_user_should_reject_user_login_over_60_characters() {
+ $user_login = str_repeat( 'a', 61 );
+ $u = wp_insert_user( array(
+ 'user_login' => $user_login,
+ 'user_email' => $user_login . '@example.com',
+ 'user_pass' => 'password',
+ 'user_nicename' => 'something-short',
+ ) );
+
+ $this->assertWPError( $u );
+ $this->assertSame( 'user_login_too_long', $u->get_error_code() );
+ }
+
+ /**
+ * @ticket 33793
+ */
+ public function test_wp_insert_user_should_reject_user_nicename_over_50_characters() {
+ $user_nicename = str_repeat( 'a', 51 );
+ $u = wp_insert_user( array(
+ 'user_login' => 'mynicenamehas50chars',
+ 'user_email' => $user_nicename . '@example.com',
+ 'user_pass' => 'password',
+ 'user_nicename' => $user_nicename,
+ ) );
+
+ $this->assertWPError( $u );
+ $this->assertSame( 'user_nicename_too_long', $u->get_error_code() );
+ }
+
+ /**
+ * @ticket 33793
+ */
+ public function test_wp_insert_user_should_not_generate_user_nicename_longer_than_50_chars() {
+ $user_login = str_repeat( 'a', 55 );
+ $u = wp_insert_user( array(
+ 'user_login' => $user_login,
+ 'user_email' => $user_login . '@example.com',
+ 'user_pass' => 'password',
+ ) );
+
+ $this->assertNotEmpty( $u );
+ $user = new WP_User( $u );
+ $expected = str_repeat( 'a', 50 );
+ $this->assertSame( $expected, $user->user_nicename );
+ }
+
+ /**
+ * @ticket 33793
+ */
+ public function test_wp_insert_user_should_not_truncate_to_a_duplicate_user_nicename() {
+ $u1 = $this->factory->user->create( array(
+ 'user_nicename' => str_repeat( 'a', 50 ),
+ ) );
+
+ $user_login = str_repeat( 'a', 55 );
+ $u = wp_insert_user( array(
+ 'user_login' => $user_login,
+ 'user_email' => $user_login . '@example.com',
+ 'user_pass' => 'password',
+ ) );
+
+ $this->assertNotEmpty( $u );
+ $user = new WP_User( $u );
+ $expected = str_repeat( 'a', 48 ) . '-2';
+ $this->assertSame( $expected, $user->user_nicename );
+ }
+
+ /**
+ * @ticket 33793
+ */
+ public function test_wp_insert_user_should_not_truncate_to_a_duplicate_user_nicename_when_suffix_has_more_than_one_character() {
+ $users = $this->factory->user->create_many( 9, array(
+ 'user_nicename' => str_repeat( 'a', 50 ),
+ ) );
+
+ $user_login = str_repeat( 'a', 55 );
+ $u = wp_insert_user( array(
+ 'user_login' => $user_login,
+ 'user_email' => $user_login . '@example.com',
+ 'user_pass' => 'password',
+ ) );
+
+ $this->assertNotEmpty( $u );
+ $user = new WP_User( $u );
+ $expected = str_repeat( 'a', 47 ) . '-10';
+ $this->assertSame( $expected, $user->user_nicename );
+ }
+
 function test_changing_email_invalidates_password_reset_key() {
 global $wpdb; |
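Review bot: The new tests probe one character past each limit (61 and 51) but never the limit itself, so a regression from `> 60` to `>= 60` in wp_insert_user() would go unnoticed; a login of exactly 60 characters and a nicename of exactly 50 should be asserted as accepted. In the three truncation tests `$this->assertNotEmpty( $u )` also passes when `$u` is a WP_Error, so `$this->assertFalse( is_wp_error( $u ) );` would fail earlier and more clearly. A boundary test for the login could look like the one below, and the nicename case is analogous.

```php
	/**
	 * @ticket 33793
	 */
	public function test_wp_insert_user_should_accept_user_login_of_exactly_60_characters() {
		$user_login = str_repeat( 'a', 60 );
		$u = wp_insert_user( array(
			'user_login' => $user_login,
			'user_email' => $user_login . '@example.com',
			'user_pass' => 'password',
			'user_nicename' => 'something-short',
		) );

		$this->assertFalse( is_wp_error( $u ) );
		$user = new WP_User( $u );
		$this->assertSame( $user_login, $user->user_login );
	}
```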