[wp-trac] [WordPress Trac] #44857: get_object_subtype uses get_user_by before it's defined

WordPress Trac noreply at wordpress.org
Tue Aug 28 09:35:18 UTC 2018 

#44857: get_object_subtype uses get_user_by before it's defined
----------------------------+-----------------------------
 Reporter:  infostreams     |      Owner:  (none)
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Bootstrap/Load  |    Version:  4.9.8
 Severity:  normal          |   Keywords:
  Focuses:                  |
----------------------------+-----------------------------
 In 'get_object_subtype' on line 1308 in wp-includes/meta.php, the function
 'get_user_by' is used. This function is defined in wp-
 includes/pluggable.php (line 87-109). However, 'pluggable.php' is not
 loaded until after the plugins have initialized (see wp-settings.php line
 160). Therefore, the situation can occur that 'get_object_subtype' calls a
 function that isn't defined yet.

 Concretely, this situation occurs in the WPML plugin, in combination with
 a multisite installation. However, there are many other situations where
 it could occur (anywhere in any plugin initialization code). If you add a
 new site, the WPML plugin will try to assign the network admin new
 capabilities by calling (WP_User)->add_cap for all of the network
 administrators. 'add_cap' calls 'update_user_meta', which calls
 'get_object_subtype', which results in a fatal error, which then displays
 a HTTP 500 error whenever the user is trying to access the WordPress
 dashboard. Fairly dramatic, indeed.

 For any googlers, you can resolve this issue by creating a file 'wpml-
 multisite-fix.php' in 'wp-content/mu-plugins', with the following content:

 {{{
 <?php

 if ( ! function_exists( 'get_user_by' ) ) {
         /**
          * Define the 'get_user_by' function here instead of in
 pluggable.php, because WP 4.9.8 has a bug -
          * it uses 'get_user_by' before it's included (see meta.php line
 1308, and see that it isn't
          * included yet in wp-settings.php line 160).
          *
          * @param string     $field The field to retrieve the user with.
 id | ID | slug | email | login.
          * @param int|string $value A value for $field. A user ID, slug,
 email address, or login name.
          * @return WP_User|false WP_User object on success, false on
 failure.
          */
         function get_user_by( $field, $value ) {
                 $userdata = WP_User::get_data_by( $field, $value );

                 if ( ! $userdata ) {
                         return false;
                 }

                 $user = new WP_User();
                 $user->init( $userdata );

                 return $user;
         }
 }
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44857>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list