[wp-trac] [WordPress Trac] #11509: sanitize_user_object() throws fatal error on user property objects

WordPress Trac wp-trac at lists.automattic.com
Sat Dec 19 18:10:09 UTC 2009 

#11509: sanitize_user_object() throws fatal error on user property objects
--------------------------+-------------------------------------------------
 Reporter:  filosofo      |       Owner:  ryan                          
     Type:  defect (bug)  |      Status:  new                           
 Priority:  normal        |   Milestone:  2.9.1                         
Component:  Users         |     Version:  2.9                           
 Severity:  normal        |    Keywords:  sanitize_user_object has-patch
--------------------------+-------------------------------------------------
Changes (by hakre):

  * milestone:  3.0 => 2.9.1


Comment:

 That would need two checks, the array variant of the user might have such
 objects as well, hasn't it? (Line 650 ca.)

 Addtionally the function "sanitize_user_object" has the problem that it
 does not return a user - if object - by reference as it is common practise
 in wordpress. But that's only a sidenote.

 the function sanitize_user_object accepts by definition object related
 values only. this might be a documentation problem. if not, this should be
 properly reflected in function sanitize_user_object. sanitize_user_object
 is misleading as well because according to it's code and docblock, it
 accepts a user array as well.

 sanitize_user_field renders useless in the ''raw'' context. It seems
 pretty useless that it is implemented then.

 line 692 in sanitize_user_field() looks like the counterpart that you fix
 with your patch. it should be updated as well.

 docblock of function sanitize_user_field is pretty redundant to the code,
 the @uses apply_filters() notes are pretty useless. better formatted php
 code does help a lot more than double code, one time in comments with
 pseudo code and second time in the function with real code.

 for the line 692 topic I've created a second patch. I would not recommend
 this for 3.0 because as filosofo pointed out this actually breaks things.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11509#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list