[wp-trac] [WordPress Trac] #14308: wp_insert_user in 3.0 is not backwards compatible

WordPress Trac wp-trac at lists.automattic.com
Wed Jul 14 21:32:41 UTC 2010


#14308: wp_insert_user in 3.0 is not backwards compatible
--------------------------+-------------------------------------------------
 Reporter:  ahupp         |       Owner:                 
     Type:  defect (bug)  |      Status:  new            
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.0            
 Severity:  normal        |    Keywords:                 
--------------------------+-------------------------------------------------
 Prior to WP3.0 the function wp_insert_user would always return an integer
 or falsy on failure.  In 3.0 this function can return either an integer,
 or an instance of WP_Error.   This behavior is not backwards compatible
 and can result in bad results.

 A function that expects an integer return value will treat this WP_Error
 instance as an integer, which results in a '1'.  This is the id of the
 administrator, resulting in possible corruption of the admin account.   In
 particular, calling wp_update_user() with this WP_Error value will cast
 the error to (int) and operate on the administrator.  First line of
 wp_update_user:

    $ID = (int) $userdata['ID'];

 Possible resolutions:

  best: don't return WP_Error from wp_insert_user - this is not backwards
 compatible.
  otherwise: check for is_wp_error() in wp_update_user(), and every other
 function that takes a user id.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/14308>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list