Changeset 20410


Timestamp:
04/09/12 22:01:07 (3 years ago)
Author:
ryan
Message:

When fetching the user in get_currentuserinfo(), make sure it is a valid WP_User object. If it is stdClass, upgrade it to WP_User. If it is WP_Error, an int, or anything else, set the current user to ID 0.

In wp_set_current_user(), return the current user global only if it is a WP_User object. If it is not, fall through and go about setting it up properly.

Formatting cleanups for both functions.

see #20372

File:
1 edited

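--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -28,10 +28,10 @@
     global $current_user;
 
-    if ( isset($current_user) && ($id == $current_user->ID) )
+    if ( isset( $current_user ) && ( $current_user instanceof WP_User ) && ( $id == $current_user->ID ) )
         return $current_user;
 
-    $current_user = new WP_User($id, $name);
-
-    setup_userdata($current_user->ID);
+    $current_user = new WP_User( $id, $name );
+
+    setup_userdata( $current_user->ID );
 
     do_action('set_current_user');
@@ -76,19 +76,34 @@
 
     if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST ) {
-        wp_set_current_user(0);
+        wp_set_current_user( 0 );
         return false;
     }
 
-    if ( ! empty($current_user) )
-        return;
+    if ( ! empty( $current_user ) ) {
+        if ( $current_user instanceof WP_User )
+            return;
+
+        // Upgrade stdClass to WP_User
+        if ( is_object( $current_user ) && isset( $current_user->ID ) ) {
+            $cur_id = $current_user->ID;
+            $current_user = null;
+            wp_set_current_user( $cur_id );
+            return;
+        }
+
+        // $current_user has a junk value. Force to WP_User with ID 0.
+        $current_user = null;
+        wp_set_current_user( 0 );
+        return false;
+    }
 
     if ( ! $user = wp_validate_auth_cookie() ) {
-         if ( is_blog_admin() || is_network_admin() || empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) {
-            wp_set_current_user(0);
+         if ( is_blog_admin() || is_network_admin() || empty( $_COOKIE[LOGGED_IN_COOKIE] ) || !$user = wp_validate_auth_cookie( $_COOKIE[LOGGED_IN_COOKIE], 'logged_in' ) ) {
+            wp_set_current_user( 0 );
             return false;
          }
     }
 
-    wp_set_current_user($user);
+    wp_set_current_user( $user );
 }
 endif;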
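Review bot: In the stdClass-upgrade branch of the second hunk, `$cur_id = $current_user->ID;` takes the ID from whatever object is sitting in the global and passes it to `wp_set_current_user()` with no type check, and this path returns before `wp_validate_auth_cookie()` is reached, so the global is treated as authoritative for identity. I would normalise the value with `$cur_id = (int) $current_user->ID;` and add a comment such as `// Trusts the ID already stored in the global; the auth cookie is not re-validated on this path.` How `WP_User` handles a non-numeric or array ID is not visible here, so the cast is a defensive measure rather than a confirmed fix. The first hunk also keeps the loose `$id == $current_user->ID`, which can treat a null `$id` as equal to ID 0 and return the existing user even when a `$name` was passed; adding `&& null !== $id` to that condition would avoid this. Both function bodies begin outside the visible lines, so the signatures and docblocks could not be checked.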