Opened 23 months ago
Last modified 6 months ago
#57635 new defect (bug)
Check if empty user_nicename in the function wp_insert_user
Reported by: | missveronicatv | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 6.1.1 |
Component: | Users | Keywords: | good-first-bug has-patch |
Focuses: | Cc: |
Description
Check if empty 'user_nicename' in the function 'wp_insert_user' after the 'sanitize_title' and filter 'pre_user_nicename'. Only 'user_nicename' length > 50 is being reported as an error.
With an empty 'user_nicename' in the users WP table the function 'update_user_caches' will fail with an empty key when calling 'wp_cache_add'.
This empty field will give a PHP Warning: "Function WP_Object_Cache::add was called <strong>incorrectly</strong>. Cache key must not be an empty string. Please see ..."
Stack trace when the plugin Ultimate Member is calling 'get_users':
wp-includes/functions.php:5835 WP_Object_Cache->is_valid_key() wp-includes/class-wp-object-cache.php:204 WP_Object_Cache->add() wp-includes/cache.php:44 wp_cache_add() wp-includes/user.php:1864 update_user_caches() wp-includes/pluggable.php:141 cache_users() wp-includes/class-wp-user-query.php:856 WP_User_Query->query() wp-includes/class-wp-user-query.php:79 WP_User_Query->__construct() wp-includes/user.php:763 get_users() wp-content/plugins/ultimate-member/includes/core/um-actions-form.php:874 um_submit_form_errors_hook_() wp-includes/class-wp-hook.php:308 do_action('um_submit_form_errors_hook_') wp-content/plugins/ultimate-member/includes/core/um-actions-form.php:293 um_submit_form_errors_hook() wp-includes/class-wp-hook.php:308 do_action('um_submit_form_errors_hook') wp-content/plugins/ultimate-member/includes/core/class-form.php:569 um\core\Form->form_init() wp-includes/class-wp-hook.php:308 do_action('template_redirect') wp-includes/template-loader.php:13
Stack trace when displaying the backend page WP All Users
wp-includes/functions.php:5835 WP_Object_Cache->is_valid_key() wp-includes/class-wp-object-cache.php:204 WP_Object_Cache->add() wp-includes/cache.php:44 wp_cache_add() wp-includes/user.php:1864 update_user_caches() wp-includes/pluggable.php:141 cache_users() wp-includes/class-wp-user-query.php:856 WP_User_Query->query() wp-includes/class-wp-user-query.php:79 WP_User_Query->__construct() wp-admin/includes/class-wp-users-list-table.php:140 WP_Users_List_Table->prepare_items() wp-admin/users.php:521
Attachments (2)
Change History (17)
#1
@
23 months ago
- Keywords needs-patch good-first-bug added; changes-requested removed
- Milestone changed from Awaiting Review to Future Release
This ticket was mentioned in Slack in #core by mramosmanhaes. View the logs.
22 months ago
#3
@
22 months ago
- Keywords needs-testing-info added
I could not reproduce this and I can see that empty 'user_nicename' is already handled in wp_insert_user
function
/* * If a nicename is provided, remove unsafe user characters before using it. * Otherwise build a nicename from the user_login. */ if ( ! empty( $userdata['user_nicename'] ) ) { $user_nicename = sanitize_user( $userdata['user_nicename'], true ); } else { $user_nicename = mb_substr( $user_login, 0, 50 ); }
To reproduce exception you mentioned, I had to change value of user_nicename
to empty manually from database.
@missveronicatv can you please provide steps to reproduce this? I couldn't reproduce with below.
$userdata = array( 'user_login' => 'login_name', 'user_url' => 'https://example.com', 'user_pass' => 'password', 'user_nicename' => '' ); $user_id = wp_insert_user( $userdata );
#4
@
22 months ago
With $user_login
empty you will get $user_nicename
empty too
$user_nicename = mb_substr( $user_login, 0, 50 );
#5
@
22 months ago
- Keywords 2nd-opinion added
@missveronicatv I tried that and still no luck. I got an expected error "Cannot create a user with an empty login name."
Also, if you look at the code, empty user_login
case is handled. Can you please share sample code or API call to reproduce this?
// user_login must be between 0 and 60 characters. if ( empty( $user_login ) ) { return new WP_Error( 'empty_user_login', __( 'Cannot create a user with an empty login name.' ) ); } elseif ( mb_strlen( $user_login ) > 60 ) { return new WP_Error( 'user_login_too_long', __( 'Username may not be longer than 60 characters.' ) ); }
#6
@
22 months ago
You are right.
If $user_login
is a "dot" after
$sanitized_user_login = sanitize_user( $userdata['user_login'], true );
This "dot" will be removed in
$user_nicename = sanitize_title( $user_nicename );
#7
@
22 months ago
When displaying the WP users table in phpMyAdmin user_login is a "dot" and user_nicename is empty
#10
@
22 months ago
- Keywords has-patch added; needs-patch needs-testing-info 2nd-opinion removed
@SergeyBiryukov do you suggest unit test for this?
This ticket was mentioned in PR #4037 on WordPress/wordpress-develop by kalpeshhiran.
22 months ago
#11
Improvement in nicename empty check and adding sanitized value in empty check to avoid creating user with empty value.
Trac ticket: https://core.trac.wordpress.org/ticket/57635
This ticket was mentioned in PR #6775 on WordPress/wordpress-develop by @thehercules.
6 months ago
#12
Fixes Ticket #57635
Check if 'user_nicename' is empty in the function 'wp_insert_user' after the 'sanitize_title' and filter 'pre_user_nicename'.
@thehercules commented on PR #6775:
6 months ago
#13
Hey @mukeshpanchal27, Can you review this PR.
#14
@
6 months ago
@missveronicatv I have created a patch for this in this PR https://github.com/WordPress/wordpress-develop/pull/6775 could you check. And suggest if there are any changes to be made.
Hi there, welcome back to WordPress Trac! Thanks for the ticket.
Good catch, looks like we should apply the same logic for
user_nicename
as we do foruser_login
: