Opened 18 years ago
Closed 17 years ago
#7291 closed defect (bug) (fixed)
user-edit.php doesn't do user exist check
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 2.7 | Priority: | lowest |
| Severity: | minor | Version: | 2.6 |
| Component: | Administration | Keywords: | has-patch |
| Focuses: | Cc: |
Description
Visit /wp-admin/user-edit.php?user_id=1337 on your test install. No error will display even though the user doesn't (probably) exist.
Attachments (2)
Change History (4)
#1
@
18 years ago
- Keywords has-patch added; needs-patch removed
My attempt at this - adds a function check_user_id($id) which checks in the users database and returns the id that matches (if the user exists) or an empty set. Then adds logic to user_edit to check the id passed using the function.
If the user id does not exist, the page calls wp_die.
Strictly, the logic doing the test before the wp_die is unnecessary, as the immediately following block of code will pick up the empty id, but I thought it best to include the check so that the test is self-sufficient.
In IE7 with pretty errors enabled, you get a internal server error not the wp_die message.
Based on wp-admin/user-edit.php 2.6 version