From 5fbf931d411dd7f14b7511bdf41ea46357e67fa5 Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle
Date: Mon, 11 Sep 2023 11:33:31 +0200
Subject: [PATCH] sanitize user_login
---
 README.md | 2 +-
 includes/class-signature.php | 10 ++++++----
 readme.txt | 2 +-
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 905a69b..364ed9e 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 # ActivityPub #
-**Contributors:** [automattic](https://profiles.wordpress.org/automattic/), [pfefferle](https://profiles.wordpress.org/pfefferle/), [mediaformat](https://profiles.wordpress.org/mediaformat/), [mattwiebe](https://profiles.wordpress.org/mattwiebe/), [akirk](https://profiles.wordpress.org/akirk/), [jeherve](https://profiles.wordpress.org/jeherve/), [nuriapena](https://profiles.wordpress.org/nuriapena/)
+**Contributors:** [automattic](https://profiles.wordpress.org/automattic/), [pfefferle](https://profiles.wordpress.org/pfefferle/), [mediaformat](https://profiles.wordpress.org/mediaformat/), [mattwiebe](https://profiles.wordpress.org/mattwiebe/), [akirk](https://profiles.wordpress.org/akirk/), [jeherve](https://profiles.wordpress.org/jeherve/), [nuriapena](https://profiles.wordpress.org/nuriapena/), [cavalierlife](https://profiles.wordpress.org/cavalierlife/)
 **Tags:** OStatus, fediverse, activitypub, activitystream
 **Requires at least:** 4.7
 **Tested up to:** 6.3
diff --git a/includes/class-signature.php b/includes/class-signature.php
index 20ba576..3148d88 100644
--- a/includes/class-signature.php
+++ b/includes/class-signature.php
@@ -121,17 +121,19 @@ class Signature {
 }
 /**
- * Undocumented function
+ * Return the option key for a given user.
 *
- * @param [type] $user_id
- * @return void
+ * @param int $user_id The WordPress User ID.
+ *
+ * @return string The option key.
 */
 protected static function get_signature_options_key_for( $user_id ) {
 $id = $user_id;
 if ( $user_id > 0 ) {
 $user = \get_userdata( $user_id );
- $id = $user->user_login;
+ // sanatize username because it could include spaces and special chars
+ $id = sanitize_title( $user->user_login );
 }
 return 'activitypub_keypair_for_' . $id;
diff --git a/readme.txt b/readme.txt
index 9b7ffb2..2bda237 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,5 +1,5 @@
 === ActivityPub ===
-Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nuriapena
+Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nuriapena, cavalierlife
 Tags: OStatus, fediverse, activitypub, activitystream
 Requires at least: 4.7
 Tested up to: 6.3
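Review bot: In `get_signature_options_key_for()` (includes/class-signature.php), `sanitize_title()` is not one-to-one, so the new option key can be identical for different accounts: with the default filters it lowercases and turns spaces and dots into dashes, which would map logins such as `john.doe` and `john doe` (constructed examples) to the same `activitypub_keypair_for_john-doe` option and, presumably, to one shared signing keypair. It also renames the key for any existing login that sanitizes to a different string, so a keypair stored under the old name would no longer be found unless a migration or fallback lookup exists outside this hunk. Keying on the unique numeric ID (`$id = (int) $user_id;`) avoids the collision, though it needs the same migration. Separately, `\get_userdata()` returns `false` for an unknown ID, so the property read should be guarded, e.g. `if ( $user instanceof \WP_User ) { $id = sanitize_title( $user->user_login ); }`. The function's closing brace lies outside the hunk.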