plus symbol (+) in email addresses are stripped out

  • I wrote a plugin that, among other things, registers users who supply their email addresses. It uses the email address as their username.

    If they supply (for example) [email protected] (which is a legitimate address) then WordPress turns this into [email protected] and as a result they cannot use the expected username.

    Nobody asked for this. The issue has been raised before but not addressed. It breaks things. Can it please be be amended?

Viewing 3 replies - 1 through 3 (of 3 total)

  • Usernames cannot contain symbols.

    CAVEAT: I don’t know enough to consider myself a developer.

    That said, I look at this differently.

    From an email perspective, WordPress allows the + sign in a user’s email address, as clearly documented in the sanitize_email function.

    But if I decide to use the email address as a WordPress username, then I don’t expect WordPress to necessarily follow RFC 2822 and allow all valid email characters anymore in a username.

    Instead, I expect WordPress to subject my email address to the same rules for usernames.

    So it is then that, used as a username, an email address gets no special treatment: it’s just a string of characters that go through the same sanitize_user function to strip out what WordPress considers unsafe characters. That the input string for the username happens to be an email address is not even a point of interest.

    But as you’re a developer, perhaps it shouldn’t be that difficult for you to tweak the sanitize_user function to allow the + sign in your site’s usernames?

    Thread Starter kenrichman

    (@kenrichman)

    Tweaking WordPress core functions is not an option with a plugin intended for widespread distribution.

    WordPress allows users to log in with either their email address or their username, this suggests an intention to treat them similarly, if not quite interchangably.

    Online shoppers are used to registering with their email address and not having to remember a separate username for each account. Therefore usernames need to include the subset of characters allowed in email addresses.

    What is it about the ‘+’ symbol considered dangerous?

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘plus symbol (+) in email addresses are stripped out’ is closed to new replies.