WordPress.org

Make WordPress Core

Opened 10 months ago

Last modified 3 months ago

#49399 new defect (bug)

wp_get_users_with_no_role() does not handle user roles which contain numbers

Reported by: chillbram Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 4.4
Component: Users Keywords: has-unit-tests has-patch
Focuses: Cc:

Description

The function wp_get_users_with_no_role() does not correctly ascertain which roles it needs to search for. Before it queries the database it changes the names for roles which contain numbers (and special characters for that matter). It uses the following regex to adapt the list of roles it gets from wp_roles()->get_names():

<?php
$regex = implode( '|', array_keys( $role_names ) );
$regex = preg_replace( '/[^a-zA-Z_\|-]/', '', $regex );

This results in roles with names like "Year1" and "Group1Admins" to be truncated to "Year" and "GroupAdmins" respectively before querying.

This could be easily solved by extending the regex pattern to also accept numbers:

<?php
$regex = preg_replace( '/[^0-9a-zA-Z_\|-]/', '', $regex );

Attachments (1)

49399.1.patch (1.8 KB) - added by Mista-Flo 3 months ago.

Download all attachments as: .zip

Change History (5)

#1 @SergeyBiryukov
10 months ago

  • Component changed from General to Users
  • Keywords needs-patch needs-unit-tests added

This ticket was mentioned in Slack in #core by noisysocks. View the logs.


10 months ago

#3 @isabel_brison
10 months ago

  • Milestone changed from Awaiting Review to Future Release
  • Version changed from 5.3.2 to 4.4

Best way forward here should be to change the regex to accept numbers provided they're not preceded by a colon, and to ensure that users are not allowed to add special characters in role names.

@Mista-Flo
3 months ago

#4 @Mista-Flo
3 months ago

  • Keywords has-unit-tests has-patch added; needs-patch needs-unit-tests removed

Hello guys, I have uploaded a patch to fix the issue. It also contains a dedicated unit test. Thanks for your help @chillbram

Note: See TracTickets for help on using tickets.