diff --git a/src/wp-includes/class-wp-user-query.php b/src/wp-includes/class-wp-user-query.php
index 3d6b28bcc3..050b2822f6 100644
--- a/src/wp-includes/class-wp-user-query.php
+++ b/src/wp-includes/class-wp-user-query.php
@@ -285,7 +285,11 @@ class WP_User_Query {
 );
 if ( is_array( $qv['fields'] ) ) {
- $qv['fields'] = array_unique( $qv['fields'] );
+ $qv['fields'] = array_intersect( array_unique( $qv['fields'] ), $allowed_fields );
+
+ if ( empty( $qv['fields'] ) ) {
+ $qv['fields'] = array( 'ID' );
+ }
 $this->query_fields = array();
 foreach ( $qv['fields'] as $field ) {
@@ -293,8 +297,10 @@ class WP_User_Query {
 $this->query_fields[] = "$wpdb->users.$field";
 }
 $this->query_fields = implode( ',', $this->query_fields );
- } elseif ( ! in_array( $qv['fields'], $allowed_fields, true ) ) {
+ } elseif ( 'all' === $qv['fields'] ) {
 $this->query_fields = "$wpdb->users.*";
+ } elseif ( ! in_array( $qv['fields'], $allowed_fields, true ) ) {
+ $this->query_fields = "$wpdb->users.ID";
 } else {
 $field = 'ID' === $qv['fields'] ? 'ID' : sanitize_key( $qv['fields'] );
 $this->query_fields = "$wpdb->users.$field";
diff --git a/tests/phpunit/tests/user/query.php b/tests/phpunit/tests/user/query.php
index 4ee93ae167..eac4efd7a7 100644
--- a/tests/phpunit/tests/user/query.php
+++ b/tests/phpunit/tests/user/query.php
@@ -1982,8 +1982,8 @@ class Tests_User_Query extends WP_UnitTestCase {
 public function test_returning_fields( $field, $expected_values ) {
 $q = new WP_User_Query(
 array(
- 'fields' => $field,
- 'include ' => array( self::$admin_ids[0] ),
+ 'fields' => $field,
+ 'include' => array( '1' ),
 )
 );
 $results = $q->get_results();
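Review bot: The fallback to `array( 'ID' )` in the first hunk silently changes the shape of the result when every requested column is rejected, and nothing in the added lines says why the intersect is there. Each surviving `$field` is interpolated into the SELECT list (`"$wpdb->users.$field"`), so the allowlist is the control that keeps caller-supplied names out of the SQL text; a comment such as `// Only allow-listed column names may reach the SELECT list; unknown names are dropped and an empty result falls back to ID.` would record that. `array_intersect()` compares string forms case-sensitively, so whether `'ID'` and `'id'` both survive in array form depends on the entries of `$allowed_fields`, which is defined above the hunk and should be checked. The enclosing method starts and ends outside the hunk.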
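Review bot: In the second hunk an unrecognised scalar `fields` value now selects `$wpdb->users.ID` where it previously selected `$wpdb->users.*`, and that contract change is not documented in the visible lines. The narrower default is the safer one, since a mistyped or unexpected value no longer widens the query to every column of the users table, but the `fields` entry in the method's docblock (outside the hunk) should say so, and the branch could carry `// Unknown field names fall back to ID so a bad value never widens the result.` Note also that `'all_with_meta'` is not matched by the new `'all' ===` branch; unless it is in `$allowed_fields` it now takes the ID-only branch, which presumably relies on later code outside the hunk to load full user objects, so confirm that path still holds.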
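Review bot: The `include` filter in `test_returning_fields` is now the literal `'1'` instead of `self::$admin_ids[0]`, which ties the test to the install's first user rather than to the shared fixture. That matches the hard-coded `'ID' => '1'` values in the data provider, but the coupling is implicit; a comment such as `// User 1 is the default admin created by the test install; the data provider's expected values describe that account.` would make it explicit. It is also worth noting that the old `'include '` key with a trailing space was presumably ignored without any error, so the previous version of this test ran unfiltered. The method body continues outside the hunk.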
@@ -2007,68 +2007,94 @@ class Tests_User_Query extends WP_UnitTestCase {
 public function data_returning_fields() {
 return array(
- 'all' => array(
+ 'all' => array(
 'field' => 'all',
 'expected' => array(
 'ID' => '1',
 'user_login' => 'admin',
 'user_nicename' => 'admin',
- 'user_email' => 'admin@example.org',
- 'user_url' => 'http://example.org',
+ 'user_email' => WP_TESTS_EMAIL,
+ 'user_url' => wp_guess_url(),
 'user_activation_key' => '',
 'user_status' => '0',
 'display_name' => 'admin',
 ),
 ),
- 'all_with_meta' => array(
+ 'all_with_meta' => array(
 'field' => 'all_with_meta',
 'expected' => array(
 'ID' => '1',
 'user_login' => 'admin',
 'user_nicename' => 'admin',
- 'user_email' => 'admin@example.org',
- 'user_url' => 'http://example.org',
+ 'user_email' => WP_TESTS_EMAIL,
+ 'user_url' => wp_guess_url(),
 'user_activation_key' => '',
 'user_status' => '0',
 'display_name' => 'admin',
 ),
 ),
- 'ID' => array(
+ 'ID' => array(
 'field' => 'ID',
 'expected' => array(
 'ID' => '1',
 ),
 ),
- 'display_name' => array(
+ 'id' => array(
+ 'field' => 'id',
+ 'expected' => array(
+ 'ID' => '1',
+ ),
+ ),
+ 'display_name' => array(
 'field' => 'display_name',
 'expected' => array(
 'display_name' => 'admin',
 ),
 ),
- 'user_login' => array(
+ 'user_login' => array(
 'field' => 'user_login',
 'expected' => array(
 'user_login' => 'admin',
 ),
 ),
- 'user_nicename' => array(
+ 'user_nicename' => array(
 'field' => 'user_nicename',
 'expected' => array(
 'user_nicename' => 'admin',
 ),
 ),
- 'user_email' => array(
+ 'user_email' => array(
 'field' => 'user_email',
 'expected' => array(
- 'user_email' => 'admin@example.org',
+ 'user_email' => WP_TESTS_EMAIL,
 ),
 ),
- 'invalid_field' => array(
+ 'invalid_field' => array(
 'field' => 'invalid_field',
 'expected' => array(
 '0' => '1',
 ),
 ),
+ 'valid_array' => array(
+ 'field' => array( 'ID', 'display_name' ),
+ 'expected' => array(
+ 'ID' => '1',
+ 'display_name' => 'admin',
+ ),
+ ),
+ 'semivalid_array' => array(
+ 'field' => array( 'ID', 'display_name', 'invalid_field' ),
+ 'expected' => array(
+ 'ID' => '1',
+ 'display_name' => 'admin',
+ ),
+ ),
+ 'invalid_array' => array(
+ 'field' => array( 'invalid_field' ),
+ 'expected' => array(
+ 'ID' => '1',
+ ),
+ ),
 );
 }
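Review bot: The new array cases leave the lowercase `'id'` spelling untested in array form, although the scalar case `'id'` added above pins it for strings. The array path in `WP_User_Query` now filters through a case-sensitive `array_intersect()`, so the two forms may not treat `'id'` alike; an `array( 'id' )` case, with its expected value set to whatever contract is intended, would settle that. A case with a repeated entry such as `array( 'ID', 'ID' )` would likewise pin the `array_unique()` step. The `'all'` expectations also list no password or registration-date column, so whether the assertion (outside the hunk) is a subset or an exact match decides how much of the `users.*` result is actually checked.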