[wp-trac] [WordPress Trac] #56662: WP_REST_Users_Controller::update_item(): 'rest_user_invalid_id ' error will never be thrown as `$user` will never be falsey.

WordPress Trac noreply at wordpress.org
Mon Sep 26 22:19:35 UTC 2022 

#56662: WP_REST_Users_Controller::update_item(): 'rest_user_invalid_id ' error will
never be thrown as `$user` will never be falsey.
--------------------------+-----------------------------
 Reporter:  jrf           |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Users         |    Version:  4.7
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 While looking at the code of the `WP_REST_Users_Controller::update_item()`
 method, I noticed a bug in `WP_REST_Users_Controller::update_item()`.

 At the start of the function, the user is retrieved and it is verified
 that this doesn't result in a `WP_Error`.

 Next, the `WP_User` `$user` variable is used to retrieve the user id.

 Then in the next condition, it is checked if the `$user` is falsey. This
 condition would never match as `WP_REST_Users_Controller::get_user()`
 returns either a `WP_User` object or `WP_Error` and we already know it's
 not a `WP_Error` and an instantiated `WP_User` object will never evaluate
 to falsey.

 As the `WP_Error` being thrown _within_ the condition refers to an
 "invalid user id", I believe the _intention_ of the code was to check that
 `$id` is not falsey, which would make more sense, as even though it would
 be unlikely that a `WP_User` object would not have a valid ID, that
 condition _could_ potential match and trigger the `WP_Error`.

 There are already tests in place which (try to) cover this code, but as
 the `WP_REST_Users_Controller::get_user()` method throws the same error,
 it went unnoticed that this condition is incorrect.

 In all honesty, IMO, this whole condition can be removed, as it is already
 handled by the call to `WP_REST_Users_Controller::get_user()`.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/56662>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list