Opened 14 years ago
Closed 10 years ago
#16731 closed defect (bug) (fixed)
Unchecked array_merge() returns NULL in wp_update_user();
Reported by: | milan.chotai | Owned by: | |
---|---|---|---|
Milestone: | 3.5.1 | Priority: | normal |
Severity: | normal | Version: | 3.1 |
Component: | Users | Keywords: | has-patch |
Focuses: | Cc: |
Description
I am running PHP version 5.3.3-1ubuntu9.3 and encountered a bug in a simple plug-in I wrote that worked up to Wordpress v3.0.5 but not in 3.1. It uses wp_update_user(), which is causing the issue. I traced the bug to line 1563 of wp-includes/user.php:
$userdata = array_merge($user, $userdata);
If $user is NULL, then array_merge returns NULL, making $userdata useless to other functions that follow like wp_insert_user().
Attachments (3)
Change History (17)
#1
follow-up:
↓ 2
@
14 years ago
- Keywords 2nd-opinion reporter-feedback added; needs-patch needs-testing removed
#2
in reply to:
↑ 1
@
14 years ago
Replying to nacin:
I don't see how $user would be null. wp_update_user() should only be fired on existing users.
From the function docblock: "If $userdata does not contain an 'ID' key, then a new user will be created and the new user's ID will be returned." So, we should be able to call wp_update_user() regardless of whether we mean "update" or "create." Just like milan.chotai, I have code that does this for convenience.
#3
@
14 years ago
Here's some code that generates these errors:
function test_wp_update_user() { $userdata = array( 'user_login' => 'user' . md5( microtime(true) ), 'user_pass' => 'foo', ); var_dump( wp_update_user( $userdata ) ); }
And the output:
Notice: Undefined index: ID in /web/wp-trunk/wp-includes/user.php on line 1546 Warning: get_object_vars() expects parameter 1 to be object, boolean given in /web/wp-trunk/wp-includes/user.php on line 1552 Warning: array_merge(): Argument #1 is not an array in /web/wp-trunk/wp-includes/user.php on line 1563 Warning: extract() expects parameter 1 to be array, null given in /web/wp-trunk/wp-includes/user.php on line 1385 Notice: Undefined variable: user_pass in /web/wp-trunk/wp-includes/user.php on line 1395 Notice: Undefined variable: user_login in /web/wp-trunk/wp-includes/user.php on line 1398 object(WP_Error)#184 (2) { ["errors"]=> array(1) { ["empty_user_login"]=> array(1) { [0]=> string(46) "Cannot create a user with an empty login name." } } ["error_data"]=> array(0) { } }
#5
@
14 years ago
- Keywords has-patch added; 2nd-opinion reporter-feedback removed
adambackstrom's patch still doesn't account for empty $user_data['ID']
, some notices are still there. Another patch attached that addresses this.
And yes, the docblock does indeed mention that if an ID key is not specified, a new user would be created.
#6
@
12 years ago
- Cc karacsi_maci added
This problem still not solved (after 21 month?)
$userdata = array( 'ID' => get_current_user_id(), 'first_name' => $this->postVars['firstName'], 'last_name' => $this->postVars['lastName']); if (!empty($this->postVars['pass'])) { $userdata['user_pass'] = $this->postVars['pass']; } wp_update_user($userdata);
(The $this->postVars exactly the same as $_POST, don't care about it).
If you just comment out the ID line, you will get the get_object_vars error.
So codex lies:
"If $userdata does not contain an 'ID' key, then a new user will be created and the new user's ID will be returned."
(There are first name and last name in my array). So you should rewrite the codex, to tell to users that, they SHOULD use a loginname at least.
#9
@
12 years ago
Posting here since #17009 was closed again. Thanks.
http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/user.php#L1455 That line is throwing an Exception, which prevents wp_insert_user from ever being called. The function description clearly states it will insert a new user if ID is not set.
So I propose that either wp_insert_user get stripped completely out of wp_update_user or wp_update_user needs fixed to allow wp_insert_user to actually get used before the Exception is thrown.
I don't see how $user would be null. wp_update_user() should only be fired on existing users.
If
$userdata['ID']
isn't set or ifget_userdata()
on that ID fails, then ideally wp_update_user() should fail.Also, get_userdata() fails with false, not null (but the same symptoms would occur with the array_merge()).