Make WordPress Core

Opened 13 years ago

Closed 11 years ago

Last modified 11 years ago

#17009 closed defect (bug) (duplicate)

wp_update_user not creating a new user if not passed an ID

Reported by: casben79's profile casben79 Owned by: casben79's profile casben79
Milestone: Priority: normal
Severity: major Version: 3.1
Component: Users Keywords: has-patch
Focuses: Cc:

Description

the function wp_update_user() is not creating a new user if not passed an ID.

Bugging out as get_object_vars() expects an object but being passed false as no user ID was passed to the function

Upon further investigation was also hashing the password passed to it, when the function it calls ( wp_insert_user() ) does this again which has resulted in an incorrect password error.

I have created a patch for this, and in the process also cleaned up an unnecessary if( isset(...) ) statement at the end of the function as well as some missing whitespace.

Attachments (3)

wp_update_user.patch (1.7 KB) - added by casben79 13 years ago.
Patch for the issues.
17009.patch (744 bytes) - added by hakre 13 years ago.
Test for get_userdata() return value before continuing.
17009.2.patch (1.1 KB) - added by hakre 13 years ago.
Check array key existance before use as well, handle password hashing for non-empty ID only (creation of new user [identified by empty ID] will take care of hashing on it's own).

Download all attachments as: .zip

Change History (12)

@casben79
13 years ago

Patch for the issues.

#1 @hakre
13 years ago

the function wp_update_user() is not creating a new user if not passed an ID.

I think the description of the function is not showing the full picture:

 * If $userdata does not contain an 'ID' key, then a new user will be created
 * and the new user's ID will be returned.

The said check is not performed, so the phpdoc should be corrected instead.

I think this is an error that went in in [6564] from patch registration.phpdoc.r6542.diff.

I think so because if ID is empty, get_userdata(empty) will return false and not an object that is treated like so later on.

Related: [16009], #13761(, [8782], #7550, [6564], #4383), [2872]

Last edited 13 years ago by hakre (previous) (diff)

@hakre
13 years ago

Test for get_userdata() return value before continuing.

#2 @hakre
13 years ago

That password hashing is a good point, but it needs to be hashed if the user is updated (not created) AFAIK momentarily.

@hakre
13 years ago

Check array key existance before use as well, handle password hashing for non-empty ID only (creation of new user [identified by empty ID] will take care of hashing on it's own).

#3 @downloadbook
12 years ago

Spam.

Last edited 12 years ago by duck_ (previous) (diff)

#4 @SergeyBiryukov
12 years ago

Closed #19261 as a duplicate.

#5 @lkraav
12 years ago

  • Cc lkraav added

#6 @SergeyBiryukov
11 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #16731.

#7 @cartpauj
11 years ago

  • Cc cartpauj@… added
  • Keywords needs-patch added; has-patch removed
  • Resolution duplicate deleted
  • Severity changed from normal to major
  • Status changed from closed to reopened
  • Version 3.1 deleted

This is still a problem.
http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/user.php#L1455
That line is throwing an Exception, which prevents wp_insert_user from ever being called. The function description clearly states it will insert a new user if ID is not set.

So I propose that either wp_insert_user get stripped completely out of wp_update_user or wp_update_user needs fixed to allow wp_insert_user to actually get used before the Exception is thrown.

#8 @helen
11 years ago

  • Keywords needs-patch removed
  • Resolution set to duplicate
  • Status changed from reopened to closed

Still a duplicate of #16731

#9 @SergeyBiryukov
11 years ago

  • Keywords has-patch added
  • Version set to 3.1
Note: See TracTickets for help on using tickets.