Opened 9 years ago
Last modified 19 months ago
#36405 new defect (bug)
User creation fails for users with long names.
| Reported by: | cfinke | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Users | Keywords: | needs-patch |
| Focuses: | | Cc: | |
Description
Summary: When creating a user with a long first or last name, the query that inserts the user into the DB is assumed to have succeeded, but that fact is never verified.
Sign in as an admin and create a new user, giving it the first name ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQ
(or any 251-byte string). After submitting the form, you'll see a handful of error messages (line numbers are from trunk just now, but I can reproduce the bug as far back as 4.2.1):
```
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1716
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1717
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1730
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1738
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1740
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1742
Notice: Trying to get property of non-object in wp-includes/pluggable.php on line 1746
Warning: Cannot modify header information - headers already sent by (output started at wp-includes/pluggable.php:1716) in wp-includes/pluggable.php on line 1171
```
What happens is that the `$wpdb->insert( $wpdb->users, $data + compact( 'user_login' ) );` call in `wp_insert_user()` fails, but there's no check to ensure that it succeeded, so the code proceeds to try and create a new `WP_User` with ID `0`. This results in unexpected behavior, like sending a "New User Registration" email to the admin with blank "Username" and "Email" values.
The failure is due to `$wpdb->process_fields()` calling `$wpdb->strip_invalid_text()`, which truncates the `display_name` field (because the `display_name` field only allows 250 bytes), and because it then doesn't match the value passed into `$wpdb->process_fields()`, it returns `false`. So this isn't so much a bug about a text string that's too long, it's really a bug about not checking the return value of `$wpdb->insert()`.
I think the resolution of #10377 is probably the same kind of approach that could be taken here, since the problems seem similar.
Related: #33793
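
The failure mode described in this ticket, as an added example that is not part of the original report and is not WordPress code: `StubDb` is a constructed stand-in (not `wpdb`) that returns `false` when a field would be truncated, and the two hypothetical functions `create_user_unchecked()` and `create_user_checked()` contrast ignoring that result with checking it. The table name, error code and sample users are assumptions.

```php
<?php
// Constructed stand-in for the database layer; NOT WordPress's wpdb.
// It mimics only the behaviour the ticket describes: a value that would be
// truncated to fit its column makes insert() return false.
class StubDb {
    public $insert_id = 0;
    public $rows      = array();
    private $limits   = array( 'display_name' => 250 ); // bytes, per the ticket

    public function insert( $table, array $data ) {
        foreach ( $data as $field => $value ) {
            $max = isset( $this->limits[ $field ] ) ? $this->limits[ $field ] : PHP_INT_MAX;
            if ( substr( $value, 0, $max ) !== $value ) {
                return false; // truncated copy differs from the input: refuse the write
            }
        }
        $this->rows[]    = $data;
        $this->insert_id = count( $this->rows );
        return 1; // rows affected
    }
}

// Pattern from the ticket: the result is ignored, so after a failed insert
// the untouched insert_id (0) is handed on as the "new" user ID.
function create_user_unchecked( StubDb $db, array $data ) {
    $db->insert( 'users', $data );
    return (int) $db->insert_id;
}

// Checked variant (hypothetical): a false result stops the flow before any
// user object is built or any notification email is sent.
function create_user_checked( StubDb $db, array $data ) {
    if ( false === $db->insert( 'users', $data ) ) {
        return array( 'error' => 'db_insert_failed' ); // assumed error code
    }
    return (int) $db->insert_id;
}

// Constructed sample input: one normal user, one with a 251-byte display name.
$ok   = array( 'user_login' => 'alice', 'display_name' => 'Alice' );
$long = array( 'user_login' => 'bob', 'display_name' => str_repeat( 'A', 251 ) );

var_dump( create_user_unchecked( new StubDb(), $long ) ); // failure goes unnoticed
var_dump( create_user_checked( new StubDb(), $long ) );   // failure is surfaced
var_dump( create_user_checked( new StubDb(), $ok ) );     // normal path
```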