[wp-trac] [WordPress Trac] #14308: wp_insert_user in 3.0 is not backwards compatible
WordPress Trac
wp-trac at lists.automattic.com
Wed Jul 14 21:32:41 UTC 2010
#14308: wp_insert_user in 3.0 is not backwards compatible
--------------------------+-------------------------------------------------
Reporter: ahupp | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.0
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
Prior to WP3.0 the function wp_insert_user would always return an integer
or falsy on failure. In 3.0 this function can return either an integer,
or an instance of WP_Error. This behavior is not backwards compatible
and can result in bad results.
A function that expects an integer return value will treat this WP_Error
instance as an integer, which results in a '1'. This is the id of the
administrator, resulting in possible corruption of the admin account. In
particular, calling wp_update_user() with this WP_Error value will cast
the error to (int) and operate on the administrator. First line of
wp_update_user:
$ID = (int) $userdata['ID'];
Possible resolutions:
best: don't return WP_Error from wp_insert_user - this is not backwards
compatible.
otherwise: check for is_wp_error() in wp_update_user(), and every other
function that takes a user id.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14308>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list