WordPress.org

Make WordPress Core

Changeset 35280


Ignore:
Timestamp:
10/20/2015 05:27:32 AM (5 years ago)
Author:
wonderboymusic
Message:

Users: when calling wp_insert_user() with an valid user ID, return WP_Error instead of arbitrarily updating user meta.

Adds unit test.

Props swissspidy, bilalcoder.
Fixes #28004.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user-functions.php

    r35189 r35280  
    12761276        $userdata = $userdata->to_array();
    12771277    }
     1278
    12781279    // Are we updating or creating?
    12791280    if ( ! empty( $userdata['ID'] ) ) {
    12801281        $ID = (int) $userdata['ID'];
    12811282        $update = true;
    1282         $old_user_data = WP_User::get_data_by( 'id', $ID );
     1283        $old_user_data = get_userdata( $ID );
     1284
     1285        if ( ! $old_user_data ) {
     1286            return new WP_Error( 'invalid_user_id', __( 'Invalid user ID.' ) );
     1287        }
     1288
    12831289        // hashed in wp_update_user(), plaintext if called directly
    12841290        $user_pass = $userdata['user_pass'];
  • trunk/tests/phpunit/tests/user.php

    r35247 r35280  
    818818        $expected = str_repeat( 'a', 48 ) . '-5';
    819819        $this->assertSame( $expected, $user->user_nicename );
     820    }
     821
     822    /**
     823     * @ticket 28004
     824     */
     825    public function test_wp_insert_user_with_invalid_user_id() {
     826        $u = wp_insert_user( array(
     827            'ID' => 123,
     828            'user_login' => 'whatever',
     829            'user_email' => 'whatever@example.com',
     830            'user_pass' => 'password',
     831        ) );
     832
     833        $this->assertWPError( $u );
    820834    }
    821835
Note: See TracChangeset for help on using the changeset viewer.