From 0b8997d4ff6cd66d47089b238b7de313a999911c Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Thu, 28 Sep 2023 09:15:48 +0200 Subject: [PATCH] check if blog-user collides with a username (#471) * check if blog-user collides with a username See #470 * added changes proposed by @mattwiebe --- includes/class-admin.php | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/includes/class-admin.php b/includes/class-admin.php index 2771d76..f8afc8d 100644 --- a/includes/class-admin.php +++ b/includes/class-admin.php @@ -1,6 +1,9 @@ 'string', 'description' => \esc_html__( 'The Identifier of the Blog-User', 'activitypub' ), 'show_in_rest' => true, - 'default' => \Activitypub\Model\Blog_User::get_default_username(), + 'default' => Blog_User::get_default_username(), 'sanitize_callback' => function( $value ) { // hack to allow dots in the username $parts = explode( '.', $value ); @@ -178,7 +181,31 @@ class Admin { $sanitized[] = \sanitize_title( $part ); } - return implode( '.', $sanitized ); + $sanitized = implode( '.', $sanitized ); + + // check for login or nicename. + $user = new WP_User_Query( + array( + 'search' => $sanitized, + 'search_columns' => array( 'user_login', 'user_nicename' ), + 'number' => 1, + 'hide_empty' => true, + 'fields' => 'ID', + ) + ); + + if ( $user->results ) { + add_settings_error( + 'activitypub_blog_user_identifier', + 'activitypub_blog_user_identifier', + \esc_html__( 'You cannot use an existing author\'s name for the blog profile ID.', 'activitypub' ), + 'error' + ); + + return Blog_User::get_default_username(); + } + + return $sanitized; }, ) );