Make WordPress Core

Changeset 41654


Ignore:
Timestamp:
09/30/2017 04:09:11 AM (7 years ago)
Author:
flixos90
Message:

Multisite: Fix wp_get_users_with_no_role() possibly including users with a role on a different site.

Prior to this change, when passing another site than the current one to wp_get_users_with_no_role() through its $site_id parameter, the function still used the roles available on the current site, which would cause users with other roles that possibly exist on the other site to show up as users without a role. Switching the site before retrieving the available rules fixes the issue.

Fixes #42015.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user.php

    r41653 r41654  
    25212521
    25222522    $prefix = $wpdb->get_blog_prefix( $site_id );
    2523     $regex  = implode( '|', array_keys( wp_roles()->get_names() ) );
     2523
     2524    if ( is_multisite() && $site_id != get_current_blog_id() ) {
     2525        switch_to_blog( $site_id );
     2526        $role_names = wp_roles()->get_names();
     2527        restore_current_blog();
     2528    } else {
     2529        $role_names = wp_roles()->get_names();
     2530    }
     2531
     2532    $regex  = implode( '|', array_keys( $role_names ) );
    25242533    $regex  = preg_replace( '/[^a-zA-Z_\|-]/', '', $regex );
    25252534    $users  = $wpdb->get_col( $wpdb->prepare( "
  • trunk/tests/phpunit/tests/user/wpGetUsersWithNoRole.php

    r41138 r41654  
    102102    }
    103103
     104    /**
     105     * @ticket 42015
     106     * @group multisite
     107     * @group ms-required
     108     */
     109    public function test_get_users_with_no_role_matches_on_role_name_different_site() {
     110        $site_id = (int) self::factory()->blog->create();
     111
     112        switch_to_blog( $site_id );
     113        wp_roles()->add_role( 'somerole', 'Some role display name' );
     114        $user_id = self::factory()->user->create( array(
     115            'role' => 'somerole',
     116        ) );
     117        restore_current_blog();
     118
     119        $users = wp_get_users_with_no_role( $site_id );
     120
     121        $this->assertEmpty( $users );
     122    }
     123
    104124}
Note: See TracChangeset for help on using the changeset viewer.