Opened 14 years ago
Closed 6 years ago
#16484 closed defect (bug) (wontfix)
Attempting to add user with username "0" gives fatal error
Reported by: | markjaquith | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.1 |
Component: | Users | Keywords: | needs-refresh |
Focuses: | Cc: |
Description
Create a new user. Use the number 0 as the username. Receive this error:
Catchable fatal error: Object of class WP_Error could not be converted to string in /Users/mark/Sites/wp/wp-includes/formatting.php on line 2818
Attachments (2)
Change History (10)
#2
@
14 years ago
empty('0') returns true, yes. But I don't think we overuse empty() as often you might think.
In this case, it's the deluge of empty() checks in wp_insert_user. Really, these should be !isset() || !strlen()
. Clunky, but they'd handle this instance.
#3
@
14 years ago
- Keywords has-patch added
It seems that it's only a single line which prevents user creation in this case.
However if that user is a Contributor or above, I get a notice in wp_dropdown_users()
:
Notice: Undefined property: stdClass::$user_login in ...wp-includes/user.php on line 1019
Which is also addressed in the patch. But there might be other issues wich such username as well.
#4
@
12 years ago
- Keywords needs-patch added; has-patch removed
The patch does allow you to create the user however once the user is created you cannot log in as that user. You receive the error "ERROR: The username field is empty." there may still be more problems after this.
#5
@
12 years ago
- Keywords has-patch needs-testing added; needs-patch removed
you can log in as user 0 now but it still may cause problems elsewhere so I would recommend a lot of testing.
#7
@
10 years ago
- Keywords needs-refresh dev-feedback added; has-patch needs-testing removed
- Priority changed from lowest to normal
- Severity changed from minor to normal
Just because of how many plugins out there could do bad things with a username of 0 (or for that matter 1), perhaps we should prevent people from using the usernames 0
, 1
, true
, and false
#8
@
6 years ago
- Keywords dev-feedback removed
- Milestone Future Release deleted
- Resolution set to wontfix
- Status changed from new to closed
Notably 0
is not a valid username in multisite as well. It does not meet the 4 character minimum, and must contain at least 1 letter default restrictions. For now closing as wontfix.
Who would ever want to been nicknamed zero? :-)
Joke aside, this is related to our use of empty() instead of isset() all over the place. (Best I'm aware, empty('0') returns true.) Similar issues likely apply for posts, terms, options, etc. Suggesting that we close this as maybelater, considering the amount of potential changes...