Opened 8 years ago
Last modified 8 years ago
#40497 new defect (bug)
wp_insert_user requires user_login when ID is given
Reported by: | johnprestonsoapmedia | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | has-patch has-unit-tests |
Focuses: | Cc: |
Description
When passing an array containing an ID
key to wp_insert_user
, the local variable $update
is set to true
so that various checks throughout the function can be disabled.
if ( empty( $user_login ) )
checks for the existence of the user_login
key but does not include the check for !$update
. This means that if an array of user meta to be updated is passed in with an ID
, the array must also contain a user_login
, otherwise a WP_Error('empty_user_login')
will be thrown.
In the case that ID
is passed in but not user_login
, this exception should not be thrown as user_login
is redundant: user_login
can be determined from the ID, and logic earlier in the function (see lines 1411 onwards) determines that the user already exists and is to be updated.
Attachments (2)
Change History (10)
#1
follow-up:
↓ 3
@
8 years ago
- Keywords needs-patch reporter-feedback 2nd-opinion added
- Version trunk deleted
#3
in reply to:
↑ 1
;
follow-up:
↓ 6
@
8 years ago
- Keywords reporter-feedback removed
Replying to johnbillion:
Thanks for the report, @johnprestonsoapmedia, and welcome to WordPress Trac.
This does appear to be valid, but the same issue is not present when you call the
wp_update_user()
function which you should ideally use when updating a user. Is there a particular reason in this scenario why you're not usingwp_update_user()
?
Regardless, it looks on the surface like this should be fixed.
Hi @johnbillion. The documentation for wp_update_user
https://codex.wordpress.org/Function_Reference/wp_update_user indicates that it should be used when updating a user only and when sending an email is desired, whereas wp_insert_user
https://codex.wordpress.org/Function_Reference/wp_insert_user should be used when creating or updating and when an email should not be sent.
In my use case I wanted to ensure no email was sent, so I used wp_insert_user
.
#4
@
8 years ago
- Keywords has-patch added; needs-patch removed
Please see 40497.02.patch. This is definitely an interesting use of this function; removing the update logic is probably untenable, so the patch addresses the reported issue.
#5
@
8 years ago
- Keywords has-unit-tests added; 2nd-opinion removed
- Milestone changed from Awaiting Review to 4.8
#6
in reply to:
↑ 3
@
8 years ago
Replying to johnprestonsoapmedia:
The documentation for
wp_update_user
https://codex.wordpress.org/Function_Reference/wp_update_user indicates that it should be used when updating a user only and when sending an email is desired, whereaswp_insert_user
https://codex.wordpress.org/Function_Reference/wp_insert_user should be used when creating or updating and when an email should not be sent.
Just noting that in this case the documentation looks incorrect - and it should be noted that the codex is a wiki and community powered, it's not "official" documentation. The Developer documentation for wp_insert_user() does make reference to the fact that passing an ID
will cause it to be updated, but the intentional usage is not to bypass sending an email, that's just a side effect (that should probably be fixed).
Thanks for the report, @johnprestonsoapmedia, and welcome to WordPress Trac.
This does appear to be valid, but the same issue is not present when you call the
wp_update_user()
function which you should ideally use when updating a user. Is there a particular reason in this scenario why you're not usingwp_update_user()
?Regardless, it looks on the surface like this should be fixed.