WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: User Spam Remover] Can not whitelist user with a space character (2 posts)

  1. Cavorter
    Member
    Posted 3 years ago #

    Really excellent plug-in but I can't get the whitelist function to accept a user that has a space character in it. Someone created an account named essentially "Firstname Lastname". Technically he hasn't logged in in ages but I want to make sure the account sticks around but I can't whitelist it. If I enter the name without a comma between the two parts it just adds the comma for me and splits up the name. Similarly if I add quotes around the name it strips the quotes and adds the commas again.

    Any idea how to get around this?

    Also, as a feature request: It would be really handy to add a Whitelist checkbox to the user account pages. It would be useful both to tell from the account page if you had whitelisted a user as well as being able to do specific searches and whitelist them without having to go to the plugin page.

    Thanks again!

  2. joelhardi
    Member
    Posted 3 years ago #

    Thanks for the report! Sorry for the late response, I don't check this forum often.

    I reproduced the issue and will have a fix in the next release. My plugin disallowed certain characters (,"'><[]();%& etc.) that are permitted in WordPress usernames (they pass through the sanitize_user function). I'm already using sanitize_user and mysql_real_escape_string on these usernames, so I'll probably do something like the following patch, pending more testing.

    I'll paste the patch here so you've got a fix ready to go.

    === modified file 'htdocs/wp-content/plugins/user-spam-remover/user-spam-remover.php'
    --- htdocs/wp-content/plugins/user-spam-remover/user-spam-remover.php   2011-03-11 09:37:12 +0000
    +++ htdocs/wp-content/plugins/user-spam-remover/user-spam-remover.php   2011-08-23 18:42:05 +0000
    @@ -608,7 +608,7 @@
           // Format escaped SQL for username whitelist if whitelist is non-empty
           $sql = '';
           if ($whitelist = $this->getOption('userWhitelist')) {
    -        $ns = preg_split("#[\s,]+#", trim($whitelist));
    +        $ns = preg_split("#\s*,+\s*#", trim($whitelist));
             $us = array();
             foreach ($ns as $n) {
               if (strlen($n) > 0)
    @@ -841,7 +841,7 @@
       }
    
       public static function sanitizeWhitelist($v) {
    -    $ns = preg_split("#[\s,'\";/\\\<\>%&\]\[\(\)]+#", trim($v));
    +    $ns = preg_split("#\s*,+\s*#", trim($v));
         $us = array();
         foreach ($ns as $n) {
           if (strlen($n) > 0)

Topic Closed

This topic has been closed to new replies.

About this Topic