• Hi,
    really appreciate your work, however the “Hide Backend” feature has a field “Login Slug” which will ultimately be the new URL path for login.

    Description says a lot “The output is limited to alphanumeric characters, underscore (_) and dash (-). Special characters such as “.” and “/” are not allowed and will be converted in the same manner as a post title.”

    However it says nothing about the URL slug being converted to lowercase! :-O

    a) I was lucky to notice this, otherwise I would block administration for a while
    b) This should not happen anyway

    Thanks for the fix!

    Great tool!

Viewing 6 replies - 1 through 6 (of 6 total)
  • … and will be converted in the same manner as a post title.

    Create a new post with uppercase chars in the post title and you will see that they’ll get converted to lowercase on saving the post.

    WordPress core sanitize_title() function does this.
    (Well actually it’s the sanitize_title default filter sanitize_title_with_dashes() callback that converts to lowercase).

    Note there is no mention of converting to lowercase in the online documentation of either the sanitize_title() function or the sanitize_title_with_dashes() function …

    To prevent any confusion, I’m not iThemes.

    Thread Starter jave.web

    (@javeweb)

    @nlpro I think you confuse HTML attribute and PHP key “title” (which sanitize_title is exactly for) with post title which is not altered this way on post save and it wouldn’t even make any sense to do so

    What is true is that the authors may have referred to the post title => post slug sanitization, which is not clear at first sight.

    Nevertheless – even if it would – this is still something that should be explicitly mentioned – we’re talking admin access, not some funky heading view with which everybody could live

    No not confused just a bit careless. It was already too late (for editing my post) when it dawned upon me that the phrasing in my post wasn’t right. Didn’t care to do a repost.

    Considering your www.ads-software.com profile age I expected you would figure it out anyway. And you did.

    Of course a post title is not sanitized using the sanitize_title() function when saving. It’s the post permalink slug that makes use of the post title being sanitized by the sanitize_title() function.
    And yes, that’s what iThemes’ remark is referring to. Totally agree iThemes should improve their phrasing to make this more obvious.

    I double-checked the plugin code and I can confirm the entered Login Slug value (as well as the entered Register Slug value) are sanitized using the sanitize_title() function when saving the settings.

    Note the Register Slug setting is only displayed if the Membership (Anyone can register) setting is enabled in (WordPress) Settings/General.

    Apart from not mentioning converting to lowercase there is another conversion taking place which is also not mentioned. Accented characters being replaced with non-accented equivalents by using the remove_accents() function (within the sanitize_title() function) …
    So if converting to lowercase must be explicitly mentioned, converting to non-accented chars should be too.

    Anyway on saving, a confirmation message will show you the slug AFTER sanitation and an email is sent which also includes the slug AFTER sanitation. So plenty of opportunity to notice how exactly your entered slug(s) is(are) sanitized/converted.

    Last but not least the settings description also ends with:

    Please review your selection before logging out.

    Thread Starter jave.web

    (@javeweb)

    @nlpro I’m glad we’re on the same page – yes the confirmation message with resulting URL & ajax-way is something I think was added along the way – and this time it saved some time (I think a few years ago it wasn’t there). (And yes I have MANY years of programming in general and WP experience, but one can always learn new stuff or overlook!)

    Accented characters and other URL-funky stuff is usually not something that would be considered “basic url path char” which is usually considered a-z, A-Z, 0-9, -, _,. (I mean generally, not doc-precisely)

    Anyways apart from phrasing I’m now realizing the problem is much deeper – the plugin even LETS you save that – there should be pre-validation BEFORE it even lets you save the slug! That would ultimately resolve everything.

    Anyways apart from phrasing I’m now realizing the problem is much deeper – the plugin even LETS you save that – there should be pre-validation BEFORE it even lets you save the slug!

    In an ideal world yes, there should also be (javascript) client side validation.
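
A sketch of the client-side pre-validation discussed above, as an added example that is not part of the original thread and not the plugin's code. `previewSlug` and `checkLoginSlug` are hypothetical names, and the transformation is a simplified approximation of the lowercasing, accent removal and character restrictions the thread attributes to sanitize_title(); the slug confirmed by the server remains authoritative.

```javascript
// Added example: pre-check a "Login Slug" value before the settings form is saved.
// Simplified approximation of the conversions described in the thread,
// NOT WordPress's sanitize_title() implementation.
const COMBINING_MARKS = /[\u0300-\u036f]/g;

function previewSlug(raw) {
  return raw
    .normalize('NFD')               // split accented letters into base + combining mark
    .replace(COMBINING_MARKS, '')   // drop the marks (rough stand-in for remove_accents())
    .toLowerCase()                  // the conversion the thread starter was surprised by
    .replace(/[.\/\s]+/g, '-')      // ".", "/" and whitespace become dashes
    .replace(/[^a-z0-9_-]/g, '')    // keep only alphanumerics, underscore and dash
    .replace(/-+/g, '-')            // collapse runs of dashes
    .replace(/^-+|-+$/g, '');       // trim leading and trailing dashes
}

// Returns the slug that would be stored and the reasons it differs from the input,
// so the form can refuse to save (or ask for confirmation) whenever ok is false.
function checkLoginSlug(raw) {
  const decomposed = raw.normalize('NFD');
  const noAccents = decomposed.replace(COMBINING_MARKS, '');
  const slug = previewSlug(raw);
  const changes = [];
  if (noAccents !== decomposed) changes.push('accents removed');
  if (/[A-Z]/.test(noAccents)) changes.push('converted to lowercase');
  if (/[^A-Za-z0-9_-]/.test(noAccents)) changes.push('characters replaced or dropped');
  if (slug !== raw && changes.length === 0) changes.push('dashes collapsed or trimmed');
  if (slug === '') changes.push('empty after sanitization');
  return { slug, changes, ok: changes.length === 0 };
}

// Constructed sample inputs (not taken from the thread).
for (const input of ['My-Secret_Login', 'wp.login/area', 'Caf\u00e9 Door', 'my-login_2']) {
  const { slug, changes, ok } = checkLoginSlug(input);
  console.log(ok ? `OK    ${input}` : `WARN  ${input} -> ${slug} (${changes.join(', ')})`);
}
```
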

    Thread Starter jave.web

    (@javeweb)

    Any input from @ithemes?

  • The topic ‘Login Slug / Login URL is casted to lowercase without any warning’ is closed to new replies.