#17009 closed defect (bug) (duplicate)
wp_update_user not creating a new user if not passed an ID
Reported by: | casben79 | Owned by: | casben79 |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | major | Version: | 3.1 |
Component: | Users | Keywords: | has-patch |
Focuses: | Cc: |
Description
the function wp_update_user() is not creating a new user if not passed an ID.
Bugging out as get_object_vars() expects an object but being passed false as no user ID was passed to the function
Upon further investigation was also hashing the password passed to it, when the function it calls ( wp_insert_user() ) does this again which has resulted in an incorrect password error.
I have created a patch for this, and in the process also cleaned up an unnecessary if( isset(...) ) statement at the end of the function as well as some missing whitespace.
Attachments (3)
Change History (12)
#1
@
13 years ago
the function wp_update_user() is not creating a new user if not passed an ID.
I think the description of the function is not showing the full picture:
* If $userdata does not contain an 'ID' key, then a new user will be created * and the new user's ID will be returned.
The said check is not performed, so the phpdoc should be corrected instead.
I think this is an error that went in in [6564] from patch registration.phpdoc.r6542.diff.
I think so because if ID is empty, get_userdata(empty) will return false and not an object that is treated like so later on.
Related: [16009], #13761(, [8782], #7550, [6564], #4383), [2872]
#2
@
13 years ago
That password hashing is a good point, but it needs to be hashed if the user is updated (not created) AFAIK momentarily.
@
13 years ago
Check array key existance before use as well, handle password hashing for non-empty ID only (creation of new user [identified by empty ID] will take care of hashing on it's own).
#6
@
12 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
Duplicate of #16731.
#7
@
12 years ago
- Cc cartpauj@… added
- Keywords needs-patch added; has-patch removed
- Resolution duplicate deleted
- Severity changed from normal to major
- Status changed from closed to reopened
- Version 3.1 deleted
This is still a problem.
http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/user.php#L1455
That line is throwing an Exception, which prevents wp_insert_user from ever being called. The function description clearly states it will insert a new user if ID is not set.
So I propose that either wp_insert_user get stripped completely out of wp_update_user or wp_update_user needs fixed to allow wp_insert_user to actually get used before the Exception is thrown.
Patch for the issues.