WordPress.org

Make WordPress Core

Ticket #16731: 16731.diff

File 16731.diff, 1.4 KB (added by garyc40, 7 years ago)

properly account for empty ID in $userdata

  • wp-includes/user.php

    diff --git wp-includes/user.php wp-includes/user.php
    index cd4b01d..5214e09 100644
    function wp_insert_user($userdata) { 
    15431543 * @return int The updated user's ID.
    15441544 */
    15451545function wp_update_user($userdata) {
    1546         $ID = (int) $userdata['ID'];
    1547 
    1548         // First, get all of the original fields
    1549         $user = get_userdata($ID);
     1546        if ( empty( $userdata['ID'] ) ) {
     1547                $user = array();
     1548        } else {
     1549                $ID = (int) $userdata['ID'];
    15501550
    1551         // Escape data pulled from DB.
    1552         $user = add_magic_quotes(get_object_vars($user));
     1551                // Escape data pulled from DB.
     1552                $user = add_magic_quotes(get_object_vars($user));
     1553                wp_cache_delete($user[ 'user_email' ], 'useremail');
     1554        }
    15531555
    15541556        // If password is changing, hash it now.
    15551557        if ( ! empty($userdata['user_pass']) ) {
    function wp_update_user($userdata) { 
    15571559                $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
    15581560        }
    15591561
    1560         wp_cache_delete($user[ 'user_email' ], 'useremail');
    1561 
    15621562        // Merge old and new fields with new fields overwriting old ones.
    15631563        $userdata = array_merge($user, $userdata);
    15641564        $user_id = wp_insert_user($userdata);
    15651565
    15661566        // Update the cookies if the password changed.
    15671567        $current_user = wp_get_current_user();
    1568         if ( $current_user->id == $ID ) {
     1568        if ( $current_user->id == $user_id ) {
    15691569                if ( isset($plaintext_pass) ) {
    15701570                        wp_clear_auth_cookie();
    1571                         wp_set_auth_cookie($ID);
     1571                        wp_set_auth_cookie($user_id);
    15721572                }
    15731573        }
    15741574