[wp-trac] [WordPress Trac] #54984: wp_update_user doesn't work properly with current user instance

Wed Oct 5 07:57:54 UTC 2022

#54984: wp_update_user doesn't work properly with current user instance
--------------------------+---------------------
 Reporter:  oztaser       |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  6.1
Component:  Users         |     Version:  5.8
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+---------------------

Comment (by cu121):

 Hello,

 I have thoroughly gone through this issue and inspected the functions
 related to wp_update_user(), and the reason why the password is not hashed
 when modifying the property of the same instance of the WP_User object is
 that when the WP_User user_pass is modified, the function get_user_by()
 generally fetches the user saved data and it checks if the WP_User object
 is the current instance or not. If it is the same instance then it returns
 the same WP_User instance $current_user, which is why the fetched database
 data of the user is not returned.

 I assume the developer who has worked with this logic has done this
 purposely and from my standpoint, it is absolutely valid. I assume we have
 to use wp_hash_password() when we want to modify the password of the
 current WP_User instance when accessing the user_pass property of the
 current user object.

 This is where the main logic lies by returning the same instance of the
 WP_User https://prnt.sc/2Go8mmctOKfw

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/54984#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform