#20845 closed defect (bug) (fixed)
wp_set_current_user( null, "name") does not work when $current_user is already 0
Reported by: | bobbingwide | Owned by: | boonebgorges |
---|---|---|---|
Milestone: | 4.4 | Priority: | normal |
Severity: | normal | Version: | 3.3.2 |
Component: | Users | Keywords: | has-patch needs-testing |
Focuses: | Cc: |
Description (last modified by )
According to the documentation for wp_set_current_user() you can
Set $id to null and specify a name if you do not know a user's ID.
This does not work when the current user has already been set to anonymous ( ID = 0 ) since the following test returns true.
if ( isset( $current_user ) && ( $current_user instanceof WP_User ) && ( $id == $current_user->ID ) ) {
The last part of the test should be corrected to
&& ($id === $current_user->ID) )
which will ensure that the test fails when the $id parameter is null, which will allow the rest of the pluggable function to continue and set the current user to the specified $name.
This is similar to #19769.
Note: the change in 3.4 has not fixed this particular problem.
Attachments (4)
Change History (25)
#4
@
12 years ago
- Milestone changed from 3.4 to Awaiting Review
I believe bobbingwide was simply pointing out that the change in 3.4, [20410], did not fix this problem, and that it is not a regression (it was reported against 3.3.2).
#5
@
12 years ago
TRUE. I found the problem in 3.3.2 and confirmed that the latest change for 3.4 doesn't address this problem. I suspect that the problem has potentially existed for a long time but was exacerbated by more recent code that sets the current user to 0.
#6
@
11 years ago
I agree on the importance of the difference between 0 and null, I've added a patch with the strict check.
#8
@
11 years ago
Is this something that can be added to 3.7? or should the milestone be set to 3.8?
#9
@
11 years ago
Just talked this over with Nacin, I will write some unit test for this patch ASAP.
#11
@
9 years ago
- Keywords needs-testing added; needs-unit-tests needs-refresh removed
I've added a new file which contains a test setting the user by name with ID=null.
and a test demonstrating that name is trumped by ID. e.g. wp_set_current_user( "admin", "bobbingwide" ); will return the "admin" user.
There seems little point in adding tests for setting it by a numeric ID, since this is already implicit in many other tests.
This ticket was mentioned in Slack in #core by bobbingwide. View the logs.
9 years ago
#13
@
9 years ago
- Milestone changed from Awaiting Review to 4.4
- Owner set to boonebgorges
- Status changed from new to reviewing
#15
follow-up:
↓ 17
@
9 years ago
Thanks for the patch, bobbingwide. The strict check you've suggested will force a user switch in the following case:
wp_set_current_user( 3 ); wp_set_current_user( '3' );
I don't think we want that. So we'll be a bit more precise and check for $id === null
, which is how the $id
bypass is supposed to work anyway.
#17
in reply to:
↑ 15
;
follow-up:
↓ 18
@
9 years ago
Replying to boonebgorges:
Thanks for the patch, bobbingwide. The strict check you've suggested will force a user switch in the following case:
wp_set_current_user( 3 ); wp_set_current_user( '3' );I don't think we want that. So we'll be a bit more precise and check for
$id === null
, which is how the$id
bypass is supposed to work anyway.
Good spot. Will there need to be a test where?
ID=3 user_login="three" ID=4 user_login="3"
#18
in reply to:
↑ 17
;
follow-up:
↓ 21
@
9 years ago
Replying to bobbingwide:
Good spot. Will there need to be a test where?
ID=3 user_login="three" ID=4 user_login="3"
I don't think we need a separate case for that, since $id
and $name
are separate parameters. The only way they can be mixed up is by developer error, not by internal type mismatches.
#20
@
9 years ago
barrykooij - Dang it, you are correct. Many apologies. You'll be in the 4.4 credits for #22212.
#21
in reply to:
↑ 18
@
9 years ago
Replying to boonebgorges:
Replying to bobbingwide:
Good spot. Will there need to be a test where?
ID=3 user_login="three" ID=4 user_login="3"I don't think we need a separate case for that, since
$id
and$name
are separate parameters. The only way they can be mixed up is by developer error, not by internal type mismatches.
For this function it's OK. It's WP_User::__construct()
that could do with the test.
Note: The change in 3.4 was Revision [20410] for #20372
I tried a simple workaround; set to "admin" first.
wp_set_current_user( 1 );
wp_set_current_user( null, "workaround-for-20845" );