From 6ffb0fcafb1d2b9403032a66b5b0477d4b2caed0 Mon Sep 17 00:00:00 2001
From: Boone Gorges
Date: Thu, 2 Oct 2014 18:53:24 +0000
Subject: [PATCH] Always sanitize user_nicename in wp_insert_user().

Previously, a 'user_nicename' parameter passed into the function was unsanitized. This could result in a mismatch between the sanitized nicename generated automatically at user creation, resulting in broken author archive permalinks.

Props joemcgill.
Fixes #29696.

git-svn-id: https://develop.svn.wordpress.org/trunk@29819 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/user.php | 11 ++++++++---
 tests/phpunit/tests/user.php | 15 +++++++++++++++
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
index 141fff35b3..1d00523d0c 100644
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -1676,12 +1676,17 @@ function wp_insert_user( $userdata ) {
  if ( ! $update && username_exists( $user_login ) ) {
  return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
  }
- if ( empty( $userdata['user_nicename'] ) ) {
- $user_nicename = sanitize_title( $user_login );
+
+ // If a nicename is provided, remove unsafe user characters before
+ // using it. Otherwise build a nicename from the user_login.
+ if ( ! empty( $userdata['user_nicename'] ) ) {
+ $user_nicename = sanitize_user( $userdata['user_nicename'], true );
  } else {
- $user_nicename = $userdata['user_nicename'];
+ $user_nicename = $user_login;
  }
 
+ $user_nicename = sanitize_title( $user_nicename );
+
  // Store values to save in user meta.
  $meta = array();
 
diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php
index 26e45a2ee2..5ca0a22b39 100644
--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
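Review bot: After the added `sanitize_user( $userdata['user_nicename'], true )` call, a nicename made only of characters the strict mode strips (a non-Latin script, presumably) becomes an empty string, and the following `sanitize_title( $user_nicename )` then yields an empty nicename — the old code kept the caller's value, and the `else` branch at least starts from `$user_login`, so the two branches no longer agree on what happens to a degenerate value. Passing the login as the fallback keeps them consistent: `$user_nicename = sanitize_title( $user_nicename, $user_login );`. Separately, `! empty( $userdata['user_nicename'] )` treats the string `'0'` as absent, which `isset()` plus a `'' !==` comparison would not. Nothing in the hunk checks that the resulting nicename is unique across users, which the author-archive permalinks the commit message mentions presumably rely on; worth confirming that is handled elsewhere. wp_insert_user's body continues outside the hunk on both sides.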
@@ -654,4 +654,19 @@ class Tests_User extends WP_UnitTestCase {
  $metas = array_keys( get_user_meta( 1 ) );
  $this->assertNotContains( 'key', $metas );
  }
+
+ /**
+ * @ticket 29696
+ */
+ public function test_wp_insert_user_should_sanitize_user_nicename_parameter() {
+ $user = $this->factory->user->create_and_get();
+
+ $userdata = $user->to_array();
+ $userdata['user_nicename'] = str_replace( '-', '.', $user->user_nicename );
+ wp_insert_user( $userdata );
+
+ $updated_user = new WP_User( $user->ID );
+
+ $this->assertSame( $user->user_nicename, $updated_user->user_nicename );
+ }
 }
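Review bot: The return value of `wp_insert_user( $userdata )` is never checked, so if the update fails and returns a `WP_Error` the original nicename is simply re-read and the final `assertSame` still passes without the new sanitizing branch having run. Capture the result and assert on it before re-loading the user: `$result = wp_insert_user( $userdata );` followed by `$this->assertNotInstanceOf( 'WP_Error', $result );`. The test also depends on the factory-generated nicename containing a `-` for `str_replace` to change anything; `$this->assertNotSame( $user->user_nicename, $userdata['user_nicename'] );` before the call would make that assumption explicit. A second case using characters that `sanitize_user( ..., true )` strips outright would exercise the strict-mode path more directly than the `.` substitution does.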