[wp-trac] [WordPress Trac] #63770: WordPress wp_insert_user() throws warning when password is not provided
WordPress Trac
noreply at wordpress.org
Thu Jul 31 05:55:34 UTC 2025
#63770: WordPress wp_insert_user() throws warning when password is not provided
---------------------------------------+-------------------------------
Reporter: sheldorofazeroth | Owner: sheldorofazeroth
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: trunk
Severity: normal | Resolution:
Keywords: needs-patch has-test-info | Focuses:
---------------------------------------+-------------------------------
Comment (by iamadisingh):
Replying to [comment:6 dd32]:
> Replying to [comment:4 rollybueno]:
> > There's no check in place to see if the `user_pass` key exists in
`$userdata`. It only assume it exists by default. If we intend to make it
required, we should add a check and throw WP_Error in case it's missing.
>
> Yeah.. but that's very different to the claimed ticket description, and
arguably, PHP Warnings are a valid outcome - Pass junk data, receive junk
reply.
>
> That's very common with most low-level WordPress functions, there's an
assumption that if you're using the low-level function, you're passing
correct data (and have the correct permissions).
Wouldn't it be better for `wp_insert_user()` to be stricter and return a
`WP_Error` if `user_pass` is missing, similar to how it handles other
required fields? This would make the function safer and more predictable
for developers, and avoid creating users with empty passwords.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63770#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list