Opened 7 years ago
Last modified 7 months ago
#47064 new defect (bug)
Missing "user_id" parameter in user-edit.php form
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 0.71 |
| Component: | Users | Keywords: | has-patch |
| Focuses: | Cc: |
Description
Hi, there is a bug when updating someone's user's profile by leaving a required field blank.
Example leaving the nickname field as blank, it will show some error that you need to fill out the field. But when you refresh the page, the page will be "Invalid user ID.". The ?user_id in the url has been removed.
Thank you
Attachments (1)
Change History (4)
#3
@
7 months ago
- Summary changed from User Profile to Missing "user_id" parameter in user-edit.php form
- Version changed from 5.1.1 to 0.71
The issue is there since dinosaurs, I mean since b2 in profile.php file. The form action parameter is missing the user_id, so you cannot reload the page once submitted. You can submit it again and again since the parameter lies in a hidden input field, but reloading is not allowed.
The patch should just be to add the user_id at the right place, that's it.
Could be a nice first patch ;)
<?php if ( IS_PROFILE_PAGE ) { $edit_url = esc_url( self_admin_url( 'profile.php' ) ); } else { $edit_url = add_query_arg( 'user_id', $user_id, esc_url( self_admin_url( 'user-edit.php' ) ) ); } ?> <form id="your-profile" action="<?php echo $edit_url; ?>" method="post" novalidate="novalidate" <?php unset( $edit_url );
Hi jdan21,
I've created a patch (47064.diff), that ensures that the form can't be submitted with an empty nickname (and e-mail) at first hand.