Always sanitize user_nicename in wp_insert_user().

Previously, a 'user_nicename' parameter passed into the function was
unsanitized. This could result in a mismatch between the sanitized nicename
generated automatically at user creation, resulting in broken author archive
permalinks.

Props joemcgill.

Fixes #29696.

git-svn-id: https://develop.svn.wordpress.org/trunk@29819 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Boone Gorges
2014-10-02 18:53:24 +00:00
parent dcef5d4583
commit 6ffb0fcafb
2 changed files with 23 additions and 3 deletions

View File

@@ -1676,12 +1676,17 @@ function wp_insert_user( $userdata ) {
if ( ! $update && username_exists( $user_login ) ) {
return new WP_Error( 'existing_user_login', __( 'Sorry, that username already exists!' ) );
}
if ( empty( $userdata['user_nicename'] ) ) {
$user_nicename = sanitize_title( $user_login );
// If a nicename is provided, remove unsafe user characters before
// using it. Otherwise build a nicename from the user_login.
if ( ! empty( $userdata['user_nicename'] ) ) {
$user_nicename = sanitize_user( $userdata['user_nicename'], true );
} else {
$user_nicename = $userdata['user_nicename'];
$user_nicename = $user_login;
}
$user_nicename = sanitize_title( $user_nicename );
// Store values to save in user meta.
$meta = array();