Commit 96235fa6 authored by John James Jacoby's avatar John James Jacoby
Browse files

Pre-sanitize the username, to prevent downstream errors.

parent ccc058ec
Pipeline #1059 skipped
......@@ -324,6 +324,9 @@ function wp_join_page_create_account() {
$password = ! empty( $_REQUEST['password'] ) ? $_REQUEST['password'] : wp_generate_password( 12, false );
$username = ! empty( $_REQUEST['username'] ) ? $_REQUEST['username'] : "{$firstname}-{$lastname}";
// Pre-sanitize the username
$username = preg_replace( '/\s+/', '', sanitize_user( $username, true ) );
// Username exists
if ( username_exists( $username ) ) {
$args = array( 'error' => 'username' );
......@@ -356,7 +359,7 @@ function wp_join_page_create_account() {
// Create the user account
$user_id = wpmu_create_user(
esc_html( sanitize_key( $username ) ),
$username,
$password,
$email
);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment