[wp-trac] [WordPress Trac] #9640: wp_update_user() blindly calls add_magic_quotes(), even on objects

WordPress Trac wp-trac at lists.automattic.com
Wed Aug 24 01:27:45 UTC 2011


#9640: wp_update_user() blindly calls add_magic_quotes(), even on objects
------------------------------------------------+--------------------------
 Reporter:  misterbisson                        |       Owner:
     Type:  defect (bug)                        |      Status:  reopened
 Priority:  normal                              |   Milestone:  Future
Component:  Users                               |  Release
 Severity:  normal                              |     Version:  3.2.1
 Keywords:  has-patch 2nd-opinion dev-feedback  |  Resolution:
------------------------------------------------+--------------------------
Changes (by anmari):

 * version:  2.8 => 3.2.1


Comment:

 Hi all,

 I'd like to flag that this really should be fixed by now as it causes
 great confusion when wp users do not understand the cause (symptoms can
 occur long after the cause).

 EXAMPLE: they use a plugin which creates it's own user object class stored
 in the user meta ("your members" does this for example, and possibly "WP-
 member" (judging by email I received today - I guess because of this
 post)).

 Later the wp site admin deactivates the plugin for whatever reason.  They
 do not realise that anything is amiss until possibly much later until
 someone tries to edit a user that has the meta data stored.  At which
 point the fatal error occurs:

 '''Catchable fatal error: Object of class __PHP_Incomplete_Class could not
 be converted to string...wp-includes/functions.php on line 1526'''

 '''The user record cannot be updated''' and the cause is not clear to them
 and WordPress looks 'bad'.  It is also a difficult one for non techies
 (increasing using WordPress and experimenting with plugins) to fix as they
 have to remove the associated usermeta.

 I think the WordPress code should handle the situation '''gracefully'''.

 I don't think that it can just be left for plugin author's to know that
 they need to restrict themselves to a standard class, or for web owners to
 deal with fixing the usermeta.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9640#comment:40>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list