Make WordPress Core

Opened 12 years ago

Closed 5 years ago

#16484 closed defect (bug) (wontfix)

Attempting to add user with username "0" gives fatal error

Reported by: markjaquith's profile markjaquith Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.1
Component: Users Keywords: needs-refresh
Focuses: Cc:


Create a new user. Use the number 0 as the username. Receive this error:

Catchable fatal error: Object of class WP_Error could not be converted to string in /Users/mark/Sites/wp/wp-includes/formatting.php on line 2818

Attachments (2)

16484.patch (1.4 KB) - added by SergeyBiryukov 12 years ago.
16484.2.diff (3.4 KB) - added by MikeHansenMe 11 years ago.
this patch allows you to log in as 0

Download all attachments as: .zip

Change History (10)

#1 @Denis-de-Bernardy
12 years ago

Who would ever want to been nicknamed zero? :-)

Joke aside, this is related to our use of empty() instead of isset() all over the place. (Best I'm aware, empty('0') returns true.) Similar issues likely apply for posts, terms, options, etc. Suggesting that we close this as maybelater, considering the amount of potential changes...

#2 @nacin
12 years ago

empty('0') returns true, yes. But I don't think we overuse empty() as often you might think.

In this case, it's the deluge of empty() checks in wp_insert_user. Really, these should be !isset() || !strlen(). Clunky, but they'd handle this instance.

Last edited 12 years ago by nacin (previous) (diff)

#3 @SergeyBiryukov
12 years ago

  • Keywords has-patch added

It seems that it's only a single line which prevents user creation in this case.

However if that user is a Contributor or above, I get a notice in wp_dropdown_users():

Notice: Undefined property: stdClass::$user_login in ...wp-includes/user.php on line 1019

Which is also addressed in the patch. But there might be other issues wich such username as well.

#4 @MikeHansenMe
11 years ago

  • Keywords needs-patch added; has-patch removed

The patch does allow you to create the user however once the user is created you cannot log in as that user. You receive the error "ERROR: The username field is empty." there may still be more problems after this.

11 years ago

this patch allows you to log in as 0

#5 @MikeHansenMe
11 years ago

  • Keywords has-patch needs-testing added; needs-patch removed

you can log in as user 0 now but it still may cause problems elsewhere so I would recommend a lot of testing.

#6 @MikeHansenMe
11 years ago

  • Cc mdhansen@… added

#7 @chriscct7
8 years ago

  • Keywords needs-refresh dev-feedback added; has-patch needs-testing removed
  • Priority changed from lowest to normal
  • Severity changed from minor to normal

Just because of how many plugins out there could do bad things with a username of 0 (or for that matter 1), perhaps we should prevent people from using the usernames 0, 1, true, and false

#8 @chriscct7
5 years ago

  • Keywords dev-feedback removed
  • Milestone Future Release deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Notably 0 is not a valid username in multisite as well. It does not meet the 4 character minimum, and must contain at least 1 letter default restrictions. For now closing as wontfix.

Note: See TracTickets for help on using tickets.