Require numeric IDs in user deletion functions.
`wp_delete_user()` and `wpmu_delete_user()` both require an `$id` parameter. Previously, the functions did not verify that the value passed was, in fact, a number. As such, passing an object or any other entity that would be cast to int `1` would result in user 1 being deleted. We fix this by enforcing the requirement that `$id` be numeric. Props dipesh.kakadiya, utkarshpatel, juliobox. Fixes #33800. git-svn-id: https://develop.svn.wordpress.org/trunk@34034 602fd350-edb4-49c9-b593-d223f7449a82
@@ -344,6 +344,29 @@ class Tests_Multisite_User extends WP_UnitTestCase {
|
||||
}
|
||||
}
|
||||
|
||||
public function test_numeric_string_user_id() {
|
||||
$u = $this->factory->user->create();
|
||||
|
||||
$u_string = (string) $u;
|
||||
$this->assertTrue( wpmu_delete_user( $u_string ) );
|
||||
$this->assertFalse( get_user_by( 'id', $u ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 33800
|
||||
*/
|
||||
public function test_should_return_false_for_non_numeric_string_user_id() {
|
||||
$this->assertFalse( wpmu_delete_user( 'abcde' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 33800
|
||||
*/
|
||||
public function test_should_return_false_for_object_user_id() {
|
||||
$u_obj = $this->factory->user->create_and_get();
|
||||
$this->assertFalse( wpmu_delete_user( $u_obj ) );
|
||||
$this->assertEquals( $u_obj->ID, username_exists( $u_obj->user_login ) );
|
||||
}
|
||||
}
|
||||
|
||||
endif ;
|
||||
|
||||
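Review bot: The three new tests leave out the inputs that actually used to resolve to user 1: `'abcde'` casts to `0`, and in `test_should_return_false_for_object_user_id` the last assertion only checks that `$u_obj`'s own account survives, not the account an object-to-int cast would have reached. The commit description names deletion of user 1 as the harm, so it would help to pin that directly with `$this->assertInstanceOf( 'WP_User', get_user_by( 'id', 1 ) );` after the `wpmu_delete_user( $u_obj )` call, assuming the test install keeps an account with ID 1. Cases such as `$this->assertFalse( wpmu_delete_user( '1abc' ) );` and `$this->assertFalse( wpmu_delete_user( true ) );` would also cover values that are not numeric but previously cast to `1`. The enclosing class and the `wpmu_delete_user()` change itself are outside this hunk, so whether those inputs are already rejected cannot be confirmed from here.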