WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 4 months ago

#16484 new defect (bug)

Attempting to add user with username "0" gives fatal error

Reported by: markjaquith Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 3.1
Component: Users Keywords: needs-refresh dev-feedback
Focuses: Cc:

Description

Create a new user. Use the number 0 as the username. Receive this error:

Catchable fatal error: Object of class WP_Error could not be converted to string in /Users/mark/Sites/wp/wp-includes/formatting.php on line 2818

Attachments (2)

16484.patch (1.4 KB) - added by SergeyBiryukov 5 years ago.
16484.2.diff (3.4 KB) - added by MikeHansenMe 3 years ago.
this patch allows you to log in as 0

Download all attachments as: .zip

Change History (9)

comment:1 @Denis-de-Bernardy5 years ago

Who would ever want to been nicknamed zero? :-)

Joke aside, this is related to our use of empty() instead of isset() all over the place. (Best I'm aware, empty('0') returns true.) Similar issues likely apply for posts, terms, options, etc. Suggesting that we close this as maybelater, considering the amount of potential changes...

comment:2 @nacin5 years ago

empty('0') returns true, yes. But I don't think we overuse empty() as often you might think.

In this case, it's the deluge of empty() checks in wp_insert_user. Really, these should be !isset() || !strlen(). Clunky, but they'd handle this instance.

Last edited 5 years ago by nacin (previous) (diff)

@SergeyBiryukov5 years ago

comment:3 @SergeyBiryukov5 years ago

  • Keywords has-patch added

It seems that it's only a single line which prevents user creation in this case.

However if that user is a Contributor or above, I get a notice in wp_dropdown_users():

Notice: Undefined property: stdClass::$user_login in ...wp-includes/user.php on line 1019

Which is also addressed in the patch. But there might be other issues wich such username as well.

comment:4 @MikeHansenMe3 years ago

  • Keywords needs-patch added; has-patch removed

The patch does allow you to create the user however once the user is created you cannot log in as that user. You receive the error "ERROR: The username field is empty." there may still be more problems after this.

@MikeHansenMe3 years ago

this patch allows you to log in as 0

comment:5 @MikeHansenMe3 years ago

  • Keywords has-patch needs-testing added; needs-patch removed

you can log in as user 0 now but it still may cause problems elsewhere so I would recommend a lot of testing.

comment:6 @MikeHansenMe3 years ago

  • Cc mdhansen@… added

comment:7 @chriscct74 months ago

  • Keywords needs-refresh dev-feedback added; has-patch needs-testing removed
  • Priority changed from lowest to normal
  • Severity changed from minor to normal

Just because of how many plugins out there could do bad things with a username of 0 (or for that matter 1), perhaps we should prevent people from using the usernames 0, 1, true, and false

Note: See TracTickets for help on using tickets.