took a closer look at the sanitize-User subroutine in the Formatting.php file
line 1132 has a string of characters that look like allowed characters for when the $strict variable is set to TRUE as we did last night. the code around line 1132 also looks like it’s pointing to this string of characters when $strict=true.
In the string of characters there is a mysterious looking space after the number 9 so I deleted the space, saved the file and tried to register the username “test user”. before deleting the space it would take the name, change it to testuser, and then welcome the new user to the site.
with the space after the 9 in line 1132 deleted, it now throws an error message and our users will be better for it!