[wp-trac] [WordPress Trac] #41672: REST create user: existing_user_login is returned before existing_user_email

[WordPress Trac]

#41672: REST create user: existing_user_login is returned before
existing_user_email
-------------------------------------------------+-------------------------
 Reporter:  bbrian                               |       Owner:
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  Awaiting
Component:  Users                                |  Review
 Severity:  normal                               |     Version:  4.7
 Keywords:  needs-unit-tests good-first-bug      |  Resolution:
  2nd-opinion has-patch                          |     Focuses:  rest-api
-------------------------------------------------+-------------------------

Comment (by guzzilar):

 Hi @sconzof,

 From your patch, I just wonder If it is about priority of validation,
 wouldn't it be better if we just move the whole line of below code:

 {{{#!php
 $raw_user_email = empty( $userdata['user_email'] ) ? '' :
 $userdata['user_email'];

 /**
  * Filters a user's email before the user is created or updated.
  *
  * @since 2.0.3
  *
  * @param string $raw_user_email The user's email.
  */
 $user_email = apply_filters( 'pre_user_email', $raw_user_email );

 /*
  * If there is no update, just check for `email_exists`. If there is an
 update,
  * check if current email and new email are the same, or not, and check
 `email_exists`
  * accordingly.
  */
 if ( ( ! $update || ( ! empty( $old_user_data ) && 0 !== strcasecmp(
 $user_email, $old_user_data->user_email ) ) )
         && ! defined( 'WP_IMPORTING' )
         && email_exists( $user_email )
 ) {
         return new WP_Error( 'existing_user_email', __( 'Sorry, that email
 address is already used!' ) );
 }
 }}}

 to above `$sanitized_user_login = sanitize_user( $userdata['user_login'],
 true );` line?

 Also, shaw we call `sanitize_email()` at `$raw_user_email = empty(
 $userdata['user_email'] ) ? '' : $userdata['user_email'];`?

 So from
 {{{#!php
 $raw_user_email = empty( $userdata['user_email'] ) ? '' :
 $userdata['user_email'];

 /**
  * Filters a user's email before the user is created or updated.
  *
  * @since 2.0.3
  *
  * @param string $raw_user_email The user's email.
  */
 $user_email = apply_filters( 'pre_user_email', $raw_user_email );
 }}}

 Could be

 {{{#!php
 $sanitized_user_email = empty( $userdata['user_email'] ) ? '' :
 sanitize_email( $userdata['user_email'] );

 /**
  * Filters a user's email before the user is created or updated.
  *
  * @since 2.0.3
  *
  * @param string $raw_user_email The user's email.
  */
 $user_email = apply_filters( 'pre_user_email', $sanitized_user_email );
 }}}

 What do you think?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/41672#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform