From 0fd2e294bebc6ecd2407e8c072beaa35bc8f312c Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Sat, 29 Jan 2022 14:23:59 +0000
Subject: [PATCH] Users: Return a `WP_Error` from `wp_insert_user()` if the
 `user_url` field is too long.

The `user_url` database field only allows up to 100 characters, and if the value is longer than that, the function should return a proper error message instead of silently failing.

This complements similar checks for `user_login` and `user_nicename` fields.

Follow-up to [45], [1575], [32299], [34218], [34626].

Props mkox, sabernhardt, tszming, SergeyBiryukov.
Fixes #44107.

git-svn-id: https://develop.svn.wordpress.org/trunk@52650 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/user.php     |  4 ++++
 tests/phpunit/tests/user.php | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/src/wp-includes/user.php b/src/wp-includes/user.php
index 3a11fa10bf..81944eda0e 100644
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -2043,6 +2043,10 @@ function wp_insert_user( $userdata ) {
 	 */
 	$user_url = apply_filters( 'pre_user_url', $raw_user_url );
 
+	if ( mb_strlen( $user_url ) > 100 ) {
+		return new WP_Error( 'user_url_too_long', __( 'User URL may not be longer than 100 characters.' ) );
+	}
+
 	$user_registered = empty( $userdata['user_registered'] ) ? gmdate( 'Y-m-d H:i:s' ) : $userdata['user_registered'];
 
 	$user_activation_key = empty( $userdata['user_activation_key'] ) ? '' : $userdata['user_activation_key'];
diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php
index 8c4c0d199e..67ab0f04f7 100644
--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
@@ -1000,6 +1000,24 @@ class Tests_User extends WP_UnitTestCase {
 		$this->assertSame( $expected, $user->user_nicename );
 	}
 
+	/**
+	 * @ticket 44107
+	 */
+	public function test_wp_insert_user_should_reject_user_url_over_100_characters() {
+		$user_url = str_repeat( 'a', 101 );
+		$u        = wp_insert_user(
+			array(
+				'user_login' => 'test',
+				'user_email' => 'test@example.com',
+				'user_pass'  => 'password',
+				'user_url'   => $user_url,
+			)
+		);
+
+		$this->assertWPError( $u );
+		$this->assertSame( 'user_url_too_long', $u->get_error_code() );
+	}
+
 	/**
 	 * @ticket 28004
 	 */