WP_User_Query does not allow search_fields to use display_name

[bcole808]

Expected Behavior:

The following query:

<?php
new WP_User_Query(array(
        'search' => '*Ben*',
        'search_columns' => 'display_name',
));

should search the users table and ONLY look at the column 'display_name'.

Observed problematic behavior:

During the prepare_query method, the search column parameter gets reset to the default value because of this line (around line 526) which appears to be filtering the allowed values for safety:

<?php
$search_columns = array_intersect( $qv['search_columns'], array( 'ID', 'user_login', 'user_email', 'user_url', 'user_nicename' ) );

You can see in the lines of code following this, by default it will include all fields (including display_name) like this:

<?php
$search_columns = array('user_login', 'user_url', 'user_email', 'user_nicename', 'display_name');

It looks like display_name is just missing from the whitelist of allowed custom query fields. I will attach a patch which should fix this problem.

[bcole808]

Include display_name as allowed search column

[SergeyBiryukov]

Confirmed. display_name was added to the list of default columns to search in [32980], but was not included in the whitelist, so it's impossible to search only by display_name at the moment.

39643.1.diff​ looks good, let's also add a unit test if possible.

Note: The snippet from ticket description doesn't work as is and causes a PHP warning:

Warning: array_intersect(): Argument #1 is not an array in wp-includes/class-wp-user-query.php on line 526

search_columns should be an array, not a string:

new WP_User_Query( array(
	'search' => '*Ben*',
	'search_columns' => array( 'display_name' ),
) );

[pcarvalho]

Checks that it searches only in display_name and not in any other field

[pcarvalho]

Hi everyone, I've added 2 unit tests:
1- return the user that has the string in display_name
2- don't return the user that has the string in other fields

@bcole808, may I ask you to update your patch to add curly brackets around that block?

or if you don't mind, I can do it.

[bcole808]

Added curly brackets around 'if' block

[engelen]

Patch looks good to me as well. The unit tests are a bit limited, I would argue, in the sense that they only test for the display_name column (i.e., what went wrong in this case). However, the unit tests will still pass if, in a next release, the same problem occurs with user_email, for example.

@obenland Can this be moved to 4.9? Seems like a solid, simple patch for what is clearly a bug.

[boonebgorges]

Thank you for the updated patch!

However, the unit tests will still pass if, in a next release, the same problem occurs with user_email, for example.

Full tests for all searchable fields would be great, but are not critical for this feature to land. Let's get them as part of a separate ticket.

[boonebgorges]

In 40982:

Allow user searches to match the display_name field.

Props bcole808, pcarvalho.
Fixes #39643.

[rmccue]

FYI, this is now indirectly tested thanks to r41011.