[wp-trac] [WordPress Trac] #33800: wp_delete_user delete the user ID 1 if an object is passed in param

WordPress Trac noreply at wordpress.org
Fri Sep 11 02:24:05 UTC 2015


#33800: wp_delete_user delete the user ID 1 if an object is passed in param
--------------------------+---------------------------
 Reporter:  juliobox      |       Owner:  boonebgorges
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:  4.4
Component:  Users         |     Version:  2.0
 Severity:  normal        |  Resolution:  fixed
 Keywords:  has-patch     |     Focuses:
--------------------------+---------------------------
Changes (by boonebgorges):

 * owner:   => boonebgorges
 * status:  new => closed
 * resolution:   => fixed


Comment:

 In [changeset:"34034"]:
 {{{
 #!CommitTicketReference repository="" revision="34034"
 Require numeric IDs in user deletion functions.

 `wp_delete_user()` and `wpmu_delete_user()` both require an `$id`
 parameter.
 Previously, the functions did not verify that the value passed was, in
 fact,
 a number. As such, passing an object or any other entity that would be
 cast
 to int `1` would result in user 1 being deleted. We fix this by enforcing
 the requirement that `$id` be numeric.

 Props dipesh.kakadiya, utkarshpatel, juliobox.
 Fixes #33800.
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/33800#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list