Opened 5 years ago
Last modified 4 years ago
#49399 new defect (bug)
wp_get_users_with_no_role() does not handle user roles which contain numbers
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 4.4 |
Component: | Users | Keywords: | has-unit-tests has-patch |
Focuses: | Cc: |
Description
The function wp_get_users_with_no_role() does not correctly ascertain which roles it needs to search for. Before it queries the database it changes the names for roles which contain numbers (and special characters for that matter). It uses the following regex to adapt the list of roles it gets from wp_roles()->get_names():
<?php $regex = implode( '|', array_keys( $role_names ) ); $regex = preg_replace( '/[^a-zA-Z_\|-]/', '', $regex );
This results in roles with names like "Year1" and "Group1Admins" to be truncated to "Year" and "GroupAdmins" respectively before querying.
This could be easily solved by extending the regex pattern to also accept numbers:
<?php $regex = preg_replace( '/[^0-9a-zA-Z_\|-]/', '', $regex );
Attachments (1)
Change History (6)
#1
@
5 years ago
- Component changed from General to Users
- Keywords needs-patch needs-unit-tests added
This ticket was mentioned in Slack in #core by noisysocks. View the logs.
5 years ago
#3
@
5 years ago
- Milestone changed from Awaiting Review to Future Release
- Version changed from 5.3.2 to 4.4
Note: See
TracTickets for help on using
tickets.
Best way forward here should be to change the regex to accept numbers provided they're not preceded by a colon, and to ensure that users are not allowed to add special characters in role names.