[wp-trac] [WordPress Trac] #14286: Admin attempt to create user using an existing email yields PHP notice

WordPress Trac wp-trac at lists.automattic.com
Mon Jul 12 19:48:40 UTC 2010 

#14286: Admin attempt to create user using an existing email yields PHP notice
----------------------------+-----------------------------------------------
 Reporter:  coffee2code     |       Owner:                 
     Type:  defect (bug)    |      Status:  new            
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Administration  |     Version:  3.0            
 Severity:  minor           |    Keywords:  has-patch      
----------------------------+-----------------------------------------------
 When the admin interface is used to create a new user, a PHP notice is
 generated due to an attempt to access an undefined property of an object.

 In edit_user() in wp-admin/includes/user.php, there exists this check for
 uniqueness of the user email:

 `elseif ( ( $owner_id = email_exists($user->user_email) ) && $owner_id !=
 $user->ID ) {`

 When a new user is created, this function is also used but the `$user`
 object is not assigned an ID variable.  So when the email_exists() check
 is true, the second half of the conditional generates a PHP notice because
 `$user->ID` is not defined.  Specifically, here's the output with WP_DEBUG
 set to true:

 `Notice: Undefined property: stdClass::$ID in /Users/scott/Sites/wp30.dev
 /wp-admin/includes/user.php on line 172`

 In order to see this transitional message and to verify the contents of
 `$user`, I hooked the 'user_profile_update_errors' action:

 {{{
 add_action ( 'user_profile_update_errors', 'var_dump_user', 1, 3 );
 function var_dump_user( $errors, $update, $user ) {
         var_dump( $user );
         exit();
 }
 }}}

 Which yields:

 `object(stdClass)#105 (9) { ["user_login"]=> string(8) "testuser"
 ["role"]=> string(10) "subscriber" ["user_email"]=> string(16)
 "xxxxxx at gmail.com" ["user_url"]=> string(0) "" ["first_name"]=> string(0)
 "" ["last_name"]=> string(0) "" ["comment_shortcuts"]=> string(0) ""
 ["use_ssl"]=> int(0) ["user_pass"]=> string(6) "mypass" }`

 (Note no 'ID' is defined.)

 My proposed fix (in the first attached diff) is to change the elseif
 conditional to be:

 `elseif ( ( $owner_id = email_exists($user->user_email) ) && ( !$update ||
 ( $owner_id != $user->ID ) ) ) {`

 In this case, if the email exists and either a user is being created
 (`!$update`) or a user is being updated but is not the account associated
 with the email `( $owner_id != $user->ID )`, then the WP error we want
 gets generated, while no PHP notices get generated.

 FYI: The code in user.php was introduced in [10990] in response to #9563.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/14286>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list