Make WordPress Core

Opened 4 years ago

Last modified 5 months ago

#53109 reviewing defect (bug)

wp_insert_user should return a WP_Error when passing a too long first_name parameter

Reported by: superpuperlesha's profile superpuperlesha Owned by: audrasjb's profile audrasjb
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch
Focuses: Cc:

Description

When I call the wp_insert_user function to which I pass too long first_name, I do not get an error, but I get a 0-integer. Although the documentation says, either wp_error or integer-ok.
P.S. I create user with this function ..

Change History (5)

#1 @audrasjb
4 years ago

  • Focuses coding-standards removed
  • Owner set to audrasjb
  • Status changed from new to reviewing
  • Summary changed from wp_insert_user return 0 to wp_insert_user should return a WP_Error when passing a too long first_name parameter
  • Version 5.7 deleted

Hi, welcome to WordPress Trac @superpuperlesha and thank you for the ticket,

Looking at a glance, wp_insert_user should return WP_Error or create the user without this parameter. Self-assigning the ticket for further investigation.

#2 @SergeyBiryukov
4 years ago

Hi there, welcome to WordPress Trac! Thanks for the report.

Looks like this was previously mentioned in comment:3:ticket:14290 but never addressed.

A similar issue was resolved in WordPress 4.4 for user_login and user_nicename fields: [34218] / #33793, #33820. Looks like we need the same for first_name and last_name.

Last edited 4 years ago by SergeyBiryukov (previous) (diff)

#3 follow-up: @audrasjb
4 years ago

I found something interesting: it looks like the limit is at 250 character. Also, I'm not sure it's really related to the first_name or last_name metadata.
I believe it's more related to the fact that display_name is based on first_name/last_name metadata.

For the moment, I wasn't able to find where this 250 char limit is set. @SergeyBiryukov do you have any clue?

#4 in reply to: ↑ 3 @SergeyBiryukov
4 years ago

Replying to audrasjb:

I believe it's more related to the fact that display_name is based on first_name/last_name metadata.

Ah, good point.

For the moment, I wasn't able to find where this 250 char limit is set. @SergeyBiryukov do you have any clue?

I think it's in the database schema: display_name varchar(250) NOT NULL default ''.

This ticket was mentioned in PR #7059 on WordPress/wordpress-develop by @debarghyabanerjee.


5 months ago
#5

  • Keywords has-patch added; needs-patch removed

Trac Ticket: Core-53109

## Problem Statement:

  • When calling the wp_insert_user function with an excessively long first_name, instead of receiving an error as per documentation, the function returns a 0 integer. This behavior contradicts the expected outcomes defined by WordPress standards, where the function should return either a WP_Error object or a positive integer indicating success.

## Solution:

  • Implemented enhancements to ensure adherence to WordPress standards:
  • Trim the display_name when it exceeds 250 characters, considering combinations of first_name and last_name, or standalone first_name or last_name.
  • Validate display_name length during user creation/update processes, ensuring errors are returned if the limit is exceeded.


## Technical Details:

  • Trimmed display_name logic implemented in wp_insert_user function to handle variations in first_name and last_name combinations.
  • Added validation checks to enforce a maximum display_name length of 250 characters, returning appropriate errors when exceeded.
  • Rationale for first_name and last_name Limit:
  • The decision to not enforce limits on first_name and last_name fields is based on their storage in post_meta, where WordPress traditionally allows for flexible data lengths. This approach maintains backward compatibility and accommodates diverse use cases without imposing unnecessary constraints on user data entry.

## Testing Done:

  • Unit tests added to cover scenarios with different combinations of first_name and last_name, ensuring display_name trimming and length validation functions correctly.
  • Integration testing performed to validate backward compatibility and ensure no regressions in user creation/update functionality.

## Impact:

  • This change ensures consistency and reliability in user creation operations within WordPress. Developers relying on wp_insert_user will receive expected error handling and validation feedback, improving overall usability and robustness of user management features.
Note: See TracTickets for help on using tickets.