Make WordPress Core

Changeset 55301


Ignore:
Timestamp:
02/09/2023 01:29:42 AM (22 months ago)
Author:
SergeyBiryukov
Message:

Login and Registration: Set correct default values in wp_signon().

The $credentials['user_login'] and $credentials['user_password'] parameters are passed by reference to the wp_authenticate action, and are at that point created as null if they don't exist in the array.

This commit sets those values to an empty string, resolving two PHP 8.1 deprecation notices:

  • One from preg_replace() in wp_strip_all_tags() via sanitize_user() in wp_authenticate():
    Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
    
  • One from trim() in wp_authenticate() itself:
    Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated
    

Includes documenting the $credentials parameter using hash notation.

Follow-up to [6643], [37697].

Props lenasterg, TobiasBg, ocean90, afragen, lkraav, SergeyBiryukov.
Fixes #56850.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/user.php

    r55161 r55301  
    2727 * @global string $auth_secure_cookie
    2828 *
    29  * @param array       $credentials   Optional. User info in order to sign on.
     29 * @param array       $credentials {
     30 *     Optional. User info in order to sign on.
     31 *
     32 *     @type string $user_login    Username.
     33 *     @type string $user_password User password.
     34 *     @type bool   $remember      Whether to 'remember' the user. Increases the time
     35 *                                 that the cookie will be kept. Default false.
     36 * }
    3037 * @param string|bool $secure_cookie Optional. Whether to use secure cookie.
    3138 * @return WP_User|WP_Error WP_User on success, WP_Error on failure.
     
    3340function wp_signon( $credentials = array(), $secure_cookie = '' ) {
    3441    if ( empty( $credentials ) ) {
    35         $credentials = array(); // Back-compat for plugins passing an empty string.
     42        $credentials = array(
     43            'user_login'    => '',
     44            'user_password' => '',
     45            'remember'      => false,
     46        );
    3647
    3748        if ( ! empty( $_POST['log'] ) ) {
  • trunk/tests/phpunit/tests/auth.php

    r55250 r55301  
    443443        $_POST['pwd'] = $user_args['user_pass'];
    444444        $this->assertInstanceOf( 'WP_User', wp_signon() );
     445    }
     446
     447    /**
     448     * Tests that PHP 8.1 "passing null to non-nullable" deprecation notices
     449     * are not thrown when `user_login` and `user_password` parameters are empty.
     450     *
     451     * The notices that we should not see:
     452     * `Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated`.
     453     * `Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated`.
     454     *
     455     * @ticket 56850
     456     */
     457    public function test_wp_signon_does_not_throw_deprecation_notices_with_default_parameters() {
     458        $error = wp_signon();
     459        $this->assertWPError( $error, 'The result should be an instance of WP_Error.' );
     460
     461        $error_codes = $error->get_error_codes();
     462        $this->assertContains( 'empty_username', $error_codes, 'The "empty_username" error code should be present.' );
     463        $this->assertContains( 'empty_password', $error_codes, 'The "empty_password" error code should be present.' );
    445464    }
    446465
Note: See TracChangeset for help on using the changeset viewer.