[wp-trac] [WordPress Trac] #63770: WordPress wp_insert_user() throws warning when password is not provided
WordPress Trac
noreply at wordpress.org
Thu Jul 31 05:42:47 UTC 2025
#63770: WordPress wp_insert_user() throws warning when password is not provided
---------------------------------------+-------------------------------
Reporter: sheldorofazeroth | Owner: sheldorofazeroth
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: trunk
Severity: normal | Resolution:
Keywords: needs-patch has-test-info | Focuses:
---------------------------------------+-------------------------------
Comment (by shilpaashokan94):
The warning occurs because the wp_insert_user() function expects the
user_pass key in the $userdata array, even though it gracefully handles
missing passwords by generating a random one later in the process.
โ
Proposed Fix:
We can prevent the PHP warning by checking whether user_pass is set before
accessing it. This can be handled with a simple validation near line 2219
of wp-includes/user.php. Here's a suggested patch:
$update = false;
$user_pass = isset( $userdata['user_pass'] ) ? $userdata['user_pass'] :
'';
This ensures $user_pass is always defined, and prevents the warning from
being triggered when no password is passed.
๐ Security Consideration:
The current behavior of generating a random password when none is supplied
should remain unchanged. We're only fixing the warning without altering
the intended logic.
๐งช Testing:
This patch can be tested by calling wp_insert_user() without a password:
wp_insert_user( array(
'user_login' => 'testuser',
'user_email' => 'test at example.com',
) );
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63770#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list