Currently there is no check to stop a new user registering their username as an email address of an existing user.
I'm not sure if this is by design or has been overlooked.

I can see no reason why we should allow a new user to register their username as another user's email address that is currently in the system.

Allowing a user to masquerade as another on the site can only be a bad thing.
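Added example, not part of the original issue or its patch: a minimal sketch of the registration check the report asks for. It goes one step beyond the report by also auditing accounts created before such a check existed. `UserStore`, `canonical`, the in-memory user table and the example addresses are all constructed for illustration and are not the project's own code.

```python
import unicodedata


def canonical(value):
    """Fold case, Unicode width and outer whitespace so look-alike forms compare equal."""
    return unicodedata.normalize("NFKC", value).strip().casefold()


class UserStore:
    """Constructed in-memory stand-in for the site's user table (an assumption)."""

    def __init__(self):
        self.users = []  # (uid, username, mail) tuples as originally entered

    def _owners(self, field):
        """Map canonical username (field=1) or e-mail (field=2) to the owning uid."""
        return {canonical(u[field]): u[0] for u in self.users}

    def validation_errors(self, username, mail):
        """Reasons to refuse a registration; an empty list means it is allowed."""
        name, errors = canonical(username), []
        if name in self._owners(1):
            errors.append("username is already taken")
        if canonical(mail) in self._owners(2):
            errors.append("e-mail address is already registered")
        if name in self._owners(2):  # the missing check described in the issue
            errors.append("username matches another user's e-mail address")
        return errors

    def register(self, username, mail, enforce=True):
        """Add a user; enforce=False mimics the behaviour before the fix."""
        errors = self.validation_errors(username, mail) if enforce else []
        if errors:
            raise ValueError("; ".join(errors))
        self.users.append((len(self.users) + 1, username, mail))
        return self.users[-1][0]

    def audit_collisions(self):
        """Find existing accounts whose username is a different account's e-mail."""
        mail_owner = self._owners(2)
        return [(uid, name, mail_owner[canonical(name)])
                for uid, name, _ in self.users
                if mail_owner.get(canonical(name), uid) != uid]
```

Comparing canonical forms matters because a username differing only in case, width or padding from a stored address is still displayed as that address to other users.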

Comment: #1, File: check_username-1815280-1.patch, Size: 959 bytes, Author: md2

Comments

md2:

Assigned: md2 » Unassigned
Status: Active » Needs review
File status: new, Size: 959 bytes

I have written a patch to fix the issue, if there is an issue.

jpstrikesback:

Priority: Normal » Critical

ACF:

Status: Needs review » Reviewed & tested by the community

Reviewed the code, looking good.

stevecowie:

Status: Reviewed & tested by the community » Fixed

Patch applied and pushed.

jpstrikesback:

Whoa, that was fast! :)

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.