wp_insert_user should return WP_Error if user_url's length is too long

[tszming]

Just like the user_nicename checking

Consider the test below

public function test_wp_insert_user_should_reject_user_url_over_100_characters() {
    $user_url = str_repeat( 'a', 101 );

    $u             = wp_insert_user(
        array(
            'user_login'    => 'test',
            'user_email'    =>  'test@example.com',
            'user_pass'     => 'password',
            'user_url' => $user_url,
        )
    );

    $this->assertWPError( $u );
}

This also apply to the function wp_update_user

[mkox]

I tried to create a user with an user url with more than 100 characters. The user will not be created but an empty registration mail was sent to the given mail address and a "New User created" message is shown in admin area.

[mkox]

Create error if user url length is > 100 characters, includes unit-test

[mkox]

The patch checks for the user url length and returns a WP_Error just like at user's nicename.

Test from @tszming added accordingly.

[sabernhardt]

Thanks for the patch!

Please adjust the spacing so the equal signs line up and there are no extra spaces/tabs.

	public function test_wp_insert_user_should_reject_user_url_over_100_characters() {
		$user_url = str_repeat( 'a', 101 );
		$u        = wp_insert_user(
			array(
				'user_login' => 'test',
				'user_email' => 'test@example.com',
				'user_pass'  => 'password',
				'user_url'   => $user_url,
			)
		);

[mkox]

Fixed indentations in patch

[mkox]

Thanks for the hint @sabernhardt!

[mkox]

Remove wrong tabs

[SergeyBiryukov]

Thanks for the patch and the unit test!

This looks good, I only have a few minor notes:

• The if ( mb_strlen( $raw_user_url ) > 100 ) { ... } condition itself does not need a DocBlock, as it's not a function nor a hook. See the ​documentation standards for more details on what entities need a DocBlock.
• I think the check should run after the pre_user_url filter, to make sure the filtered value is still no longer than 100 characters. That would be consistent with the mb_strlen( $user_login ) > 60 check, which runs after the pre_user_login filter, though not with the mb_strlen( $user_nicename ) > 50 check, which runs before the pre_user_nicename filter for some reason. Let's address the latter in a new ticket. Some history: [34218].
• The unit test should also verify that the error code is user_url_too_long.

I can make these adjustments on commit.

[SergeyBiryukov]

In 52650:

Users: Return a WP_Error from wp_insert_user() if the user_url field is too long.

The user_url database field only allows up to 100 characters, and if the value is longer than that, the function should return a proper error message instead of silently failing.

This complements similar checks for user_login and user_nicename fields.

Follow-up to [45], [1575], [32299], [34218], [34626].

Props mkox, sabernhardt, tszming, SergeyBiryukov.
Fixes #44107.

[SergeyBiryukov]

Replying to SergeyBiryukov:

I think the check should run after the pre_user_url filter, to make sure the filtered value is still no longer than 100 characters. That would be consistent with the mb_strlen( $user_login ) > 60 check, which runs after the pre_user_login filter, though not with the mb_strlen( $user_nicename ) > 50 check, which runs before the pre_user_nicename filter for some reason. Let's address the latter in a new ticket.

Follow-up: #54987.

[Cybr]

I did not test the code, but just for sanity, if we now insert a few mb* chars (strlen( $user_url ) > 100 === true), this "empty registration email"-issue will no longer happen? If it does, shouldn't we use strlen() instead of mb_strlen()?

echo mb_strlen( str_repeat( chr(240) . chr(159) . chr(144) . chr(152), 100 ) ); // 100
echo    strlen( str_repeat( chr(240) . chr(159) . chr(144) . chr(152), 100 ) ); // 400

[SergeyBiryukov]

mb_strlen() is what was used for user_login and user_nicename in [34218]. I believe it is also the correct check for the user_url field, as the database field is limited to 100 characters, not 100 bytes.