register_new_user() can't handle WP_Error result from wp_create_user()
|Reported by:||coffee2code||Owned by:||nacin|
register_new_user() in wp-login.php does not properly handle a WP_Error object, which is the potential return value from its call to wp_create_user().
wp_create_user() is basically a pass-through to wp_insert_user(). As a result of , the commit of a patch that was part of #11644 (the MU-merge ticket), new checks were added to wp_insert_user() which changed the potential behavior of the function to return a WP_Error object. register_new_user() can thus fail with a FATAL error:
Notice: Object of class WP_Error could not be converted to int in /Users/scott/Sites/wp30.dev/wp-includes/functions.php on line 3150 Catchable fatal error: Object of class WP_Error could not be converted to string in /Users/scott/Sites/wp30.dev/wp-includes/formatting.php on line 2782
Currently it is not likely the above situation would be tripped. But this is only because register_new_user() and wp_insert_user() perform almost identical error checks (the former does more, actually). However, the errors generated in register_new_user() can all be suppressed by plugins via the 'registration_errors' hook. However, some those same error checks will then be performed in wp_insert_user() and thus return a WP_Error (without a way to suppress those).
Related issues aside, the fact of the matter is that wp_create_user() can return a WP_Error object and register_new_user() can't handle it. The fix is simple and attached.
Change History (10)
- Owner set to nacin
- Resolution set to fixed
- Status changed from new to closed