Fairly early in wpmu_validate_user_signup(), WordPress first validates the provided user name with a call to sanitize_user(). But then right after that, the sanitized user name is checked BOTH against the original one, and also against a separate and much more restrictive regex.
The first check makes sense, ensuring that you didn’t need to change the provided username. But I don’t immediately understand why the second check is happening. Are there technical restrictions on usernames in multisite, above and beyond those of single-site? (If not, is it worth opening a Trac bug about this?)
- You must be logged in to reply to this topic.