Support Forum

I saw that function at the wordpress site and another reference to it in the formatting.php file so I went looking for it.  Here it is for reference;

/**
 * Sanitizes a username, stripping out unsafe characters.
 *
 * Removes tags, octets, entities, and if strict is enabled, will only keep
 * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username,
 * raw username (the username in the parameter), and the value of $strict as
 * parameters for the 'sanitize_user' filter.
 *
 * @since 2.0.0
 *
 * @param string $username The username to be sanitized.
 * @param bool $strict If set limits $username to specific characters. Default false.
 * @return string The sanitized username, after passing through filters.
 */
function sanitize_user( $username, $strict = false ) {
    $raw_username = $username;
    $username = wp_strip_all_tags( $username );
    $username = remove_accents( $username );
    // Kill octets
    $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
    $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities

    // If strict, reduce to ASCII for max portability.
    if ( $strict )
        $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );

    $username = trim( $username );
    // Consolidate contiguous whitespace
    $username = preg_replace( '|\s+|', ' ', $username );

    /**
     * Filter a sanitized username string.
     *
     * @since 2.0.1
     *
     * @param string $username     Sanitized username.
     * @param string $raw_username The username prior to sanitization.
     * @param bool   $strict       Whether to limit the sanitization to specific characters. Default false.
     */
    return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
}

I'm not an expert on .php but it looks to me like standard wordpress lets just about any character to be used with WordPress, provided $strict=false.

And, fwiw, i'm posting this here figuring that the people using SP are probably also WP literate and might be able to help.  i'm not necessarily vying for admin help.  the wordpress.org forums are very limited in the help that one can expect to find there so i thought it might be something we could discuss here.  if it isn't appropriate to post these kinds of general WP questions then I won't do so again in the future.

Bart

I just posted this to the ClassiPress forums since it ought to be their responsibility to provide a solution.  If anyone feels like chiming in I'd be happy to find an answer.  Thanks, Bart

dealing with similar usernames issue....was going to report a bug

in the formatting.php file I set $strict to True to limit characters that can be used in usernames. using characters other than ., -, and @ throws an error message during the registration process. if you use a space though, the system accepts the new username BUT DELETES THE SPACE WHEN IT RECORDS THE ENTRY!

So if you register using "GSN test user" as your username, it will actually put you into the system as GSNtestuser and when you go to change your password or do something else it won't recognize you if you put in "GSN test user" but you won't know to put in GSNtestuser which is how you have been recorded into the database.

How do we get the system to generate a fault for a username with a space in it?? Is there a way to make it spit out the same error message for a space by listing the space character in the sanitize_usernames subroutine or whatever that little bit of code is called? so far, all i've done there is to change the false to true after $strict.

thanks,
bart