Make WordPress Core

Opened 8 years ago

Last modified 8 years ago

#40497 new defect (bug)

wp_insert_user requires user_login when ID is given

Reported by: johnprestonsoapmedia's profile johnprestonsoapmedia Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch has-unit-tests
Focuses: Cc:

Description

When passing an array containing an ID key to wp_insert_user, the local variable $update is set to true so that various checks throughout the function can be disabled.

Line 1445:

 if ( empty( $user_login ) )

checks for the existence of the user_login key but does not include the check for !$update. This means that if an array of user meta to be updated is passed in with an ID, the array must also contain a user_login, otherwise a WP_Error('empty_user_login') will be thrown.

In the case that ID is passed in but not user_login, this exception should not be thrown as user_login is redundant: user_login can be determined from the ID, and logic earlier in the function (see lines 1411 onwards) determines that the user already exists and is to be updated.

Attachments (2)

40497.01.patch (974 bytes) - added by DJPaul 8 years ago.
40497.02.patch (1.8 KB) - added by DJPaul 8 years ago.

Download all attachments as: .zip

Change History (10)

#1 follow-up: @johnbillion
8 years ago

  • Keywords needs-patch reporter-feedback 2nd-opinion added
  • Version trunk deleted

Thanks for the report, @johnprestonsoapmedia, and welcome to WordPress Trac.

This does appear to be valid, but the same issue is not present when you call the wp_update_user() function which you should ideally use when updating a user. Is there a particular reason in this scenario why you're not using wp_update_user()?

Regardless, it looks on the surface like this should be fixed.

#3 in reply to: ↑ 1 ; follow-up: @johnprestonsoapmedia
8 years ago

  • Keywords reporter-feedback removed

Replying to johnbillion:

Thanks for the report, @johnprestonsoapmedia, and welcome to WordPress Trac.

This does appear to be valid, but the same issue is not present when you call the wp_update_user() function which you should ideally use when updating a user. Is there a particular reason in this scenario why you're not using wp_update_user()?

Regardless, it looks on the surface like this should be fixed.

Hi @johnbillion. The documentation for wp_update_user https://codex.wordpress.org/Function_Reference/wp_update_user indicates that it should be used when updating a user only and when sending an email is desired, whereas wp_insert_user https://codex.wordpress.org/Function_Reference/wp_insert_user should be used when creating or updating and when an email should not be sent.

In my use case I wanted to ensure no email was sent, so I used wp_insert_user.

@DJPaul
8 years ago

@DJPaul
8 years ago

#4 @DJPaul
8 years ago

  • Keywords has-patch added; needs-patch removed

Please see 40497.02.patch. This is definitely an interesting use of this function; removing the update logic is probably untenable, so the patch addresses the reported issue.

#5 @johnbillion
8 years ago

  • Keywords has-unit-tests added; 2nd-opinion removed
  • Milestone changed from Awaiting Review to 4.8

#6 in reply to: ↑ 3 @dd32
8 years ago

Replying to johnprestonsoapmedia:

The documentation for wp_update_user https://codex.wordpress.org/Function_Reference/wp_update_user indicates that it should be used when updating a user only and when sending an email is desired, whereas wp_insert_user https://codex.wordpress.org/Function_Reference/wp_insert_user should be used when creating or updating and when an email should not be sent.

Just noting that in this case the documentation looks incorrect - and it should be noted that the codex is a wiki and community powered, it's not "official" documentation. The Developer documentation for wp_insert_user() does make reference to the fact that passing an ID will cause it to be updated, but the intentional usage is not to bypass sending an email, that's just a side effect (that should probably be fixed).

This ticket was mentioned in Slack in #core by obenland. View the logs.


8 years ago

#8 @obenland
8 years ago

  • Milestone changed from 4.8 to Future Release
Note: See TracTickets for help on using tickets.