Make WordPress Core

Opened 12 months ago

Last modified 12 months ago

#58188 new defect (bug)

is_user_logged_in can cause null pointer exception

Reported by: preissdigital's profile preissdigital Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 2.0.3
Component: General Keywords: reporter-feedback
Focuses: Cc:

Description

The wp_get_current_user has as documented return type a WP_User object. But it returns the result from _wp_get_current_user where the result can also be 0. The problem is, that the is_user_logged_in function try to return $user->exists(). There should be a check like 0 !== $user, $user instanceof \WP_User or something similar.

Change History (2)

#1 @TobiasBg
12 months ago

  • Keywords reporter-feedback added
  • Version changed from 6.2 to 2.0.3

Hi @preissdigital, thanks for your report!

Can you maybe clarify where _wp_get_current_user can return 0? From what I can see, it always returns the $current_user global variable, and makes sure to create/set that by calling wp_set_current_user if it's not a WP_User object yet.

#2 @oglekler
12 months ago

I also didn't find where there can be 0, wp_set_current_user returns a new WP_User with id = 0, but it is a correct instance.

@preissdigital, please write how we can reproduce the issue.

I've noted that is_user_logged_in is a pluggable function, that means that this function is only available after all plugins are loaded.

Note: See TracTickets for help on using tickets.