WordPress.org

Make WordPress Core

Opened 3 weeks ago

Last modified 2 weeks ago

#44510 new defect (bug)

count_user_posts() does not check for empty $userid

Reported by: Ste_95 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch
Focuses: Cc:

Description

If count_user_posts() is called with a NULL $userid, it will return the total count of all site posts, rather than 0 or some error.

I think this should not be expected behavior and we should bail early if $userid is NULL. This happens because get_posts_by_author_sql() then ignores the $userid arg if it is NULL.

https://core.trac.wordpress.org/browser/tags/4.9.6/src/wp-includes/user.php#L347

Attachments (3)

user.diff (120.2 KB) - added by krynes 2 weeks ago.
I think this is solution
user.2.diff (533 bytes) - added by krynes 2 weeks ago.
I think this is solution
44510.diff (487 bytes) - added by krynes 2 weeks ago.
This is solution, the best option

Download all attachments as: .zip

Change History (6)

@krynes
2 weeks ago

I think this is solution

@krynes
2 weeks ago

I think this is solution

#1 @krynes
2 weeks ago

  • Keywords has-patch added

@krynes
2 weeks ago

This is solution, the best option

#2 @Ste_95
2 weeks ago

I don't think we should check for is_user_logged_in(), since get_posts_by_author_sql() doesn't change its behavior in case the user is logged in.

#3 @Ste_95
2 weeks ago

Last edited 2 weeks ago by Ste_95 (previous) (diff)
Note: See TracTickets for help on using tickets.