#28435 closed defect (bug) (fixed)
wp_update_user breaks when passed WP_User instance
Reported by: | | Owned by: | |
---|---|---|---|
Milestone: | 4.4 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | has-patch |
Focuses: | Cc: |
Description (last modified by )
Supposedly fixed in #21429. (Tangential to #28019)
If you pass a `WP_User` instance to `wp_update_user`, it first calls `WP_User::to_array`, which returns the user data from the DB. This is then treated as the input data.

The problem then is that `$userdata['user_pass']` is always set, as it's always included in `$userdata`. This then gets double-hashed by `wp_update_user`. (`wp_update_user` will then update the cookies, so the user won't notice until they're logged out)
To reproduce:
```php
<?php
$testuserid = 1;

$user = get_userdata( $testuserid );
echo 'Before: ' . $user->user_pass;

wp_update_user( $user );

// Reload the data
$user = get_userdata( $testuserid );
echo 'After: ' . $user->user_pass;
```
Current output:
```
Before: $P$BDqB8PmujqwtUNqnDW/aiQKuAEvm741
After: $P$BsqV0Lkka4QIWE9RaveZ49wvOMnHD//
```
This operation should have been a no-op, but isn't.
(Ticket previously stated this happens with `wp_insert_user`; this is incorrect, as `wp_insert_user` doesn't hash the password for updates.)
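An added stand-alone model of the double hash described above (not code from the ticket or from WordPress): `password_hash()`/`password_verify()` stand in for WordPress's own hashing functions, and the `model_*` functions, the in-memory `$db` and the sample password are hypothetical. The guarded variant shows one possible check and is an assumption, not the committed patch.

```php
<?php
// Stand-alone model of the double hash reported in this ticket; no WordPress needed.
// password_hash()/password_verify() are stand-ins for WordPress's hashing functions.

$db = []; // constructed in-memory stand-in for the users table

function model_get_userdata(array $db, int $id): array {
    return $db[$id]; // like WP_User::to_array(): the row includes the stored hash
}

// Behaviour reported in the ticket: any non-empty user_pass is treated as plaintext.
function model_update_user_naive(array &$db, array $userdata): void {
    if (!empty($userdata['user_pass'])) {
        $userdata['user_pass'] = password_hash($userdata['user_pass'], PASSWORD_BCRYPT);
    }
    $db[$userdata['ID']] = array_merge($db[$userdata['ID']], $userdata);
}

// Guarded variant (assumption): hash only when the submitted value differs from
// the stored hash, i.e. the caller really supplied a new password.
function model_update_user_guarded(array &$db, array $userdata): void {
    $stored = $db[$userdata['ID']]['user_pass'];
    if (!empty($userdata['user_pass']) && !hash_equals($stored, $userdata['user_pass'])) {
        $userdata['user_pass'] = password_hash($userdata['user_pass'], PASSWORD_BCRYPT);
    }
    $db[$userdata['ID']] = array_merge($db[$userdata['ID']], $userdata);
}

function can_log_in(array $db, int $id, string $password): bool {
    return password_verify($password, $db[$id]['user_pass']);
}

$plain = 'correct horse battery staple'; // constructed sample password
$db[1] = ['ID' => 1, 'user_login' => 'admin',
          'user_pass' => password_hash($plain, PASSWORD_BCRYPT)];

// Round trip through the guarded update: the stored hash is left untouched.
model_update_user_guarded($db, model_get_userdata($db, 1));
var_dump(can_log_in($db, 1, $plain));

// Round trip through the naive update: the stored value becomes a hash of the
// old hash, so the original password no longer verifies.
model_update_user_naive($db, model_get_userdata($db, 1));
var_dump(can_log_in($db, 1, $plain));
```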
Attachments (4)
Change History (12)
#1 @ 9 years ago
- Description modified (diff)
- Summary changed from wp_insert_user/wp_update_user break when passed WP_User instance to wp_update_user breaks when passed WP_User instance
#4 @ 9 years ago
Updated path of diff file so it can be applied from the root directory. (my first patch...)
#5 @ 8 years ago
- Owner set to wonderboymusic
- Resolution set to fixed
- Status changed from new to closed
In 35116:
.diff file for ticket 28435