Users: Allow any DB field to be returned by WP_User_Query.

Restore behaviour of `fields` parameter in `WP_User_Query` to allow developers to specify any database field to be returned either individually or as part of a subset. Add these fields to the documentation. When a subset of `fields` includes the `id` paramater, include it in the results in both upper and lowercase to maintain backward compatibility. Follow up to [53327]. Props dd32, pbearne, kraftbj, peterwilsoncc. Fixes #53177. git-svn-id: https://develop.svn.wordpress.org/trunk@53362 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 22:30:04 +00:00 · 2022-05-07 03:30:51 +00:00
parent 09923cc040
commit e17a83df22
2 changed files with 227 additions and 109 deletions
--- a/src/wp-includes/class-wp-user-query.php
+++ b/src/wp-includes/class-wp-user-query.php
@@ -230,6 +230,11 @@ class WP_User_Query {
 	 *                                                - 'user_email'
 	 *                                                - 'user_url'
 	 *                                                - 'user_registered'
+	 *                                                - 'user_pass'
+	 *                                                - 'user_activation_key'
+	 *                                                - 'user_status'
+	 *                                                - 'spam' (only available on multisite installs)
+	 *                                                - 'deleted' (only available on multisite installs)
 	 *                                                - 'all' for all fields
 	 *                                                - 'all_with_meta' to include meta fields.
 	 *                                                Default 'all'.
@@ -275,25 +280,33 @@ class WP_User_Query {
 		$qv = $this->fill_query_vars( $qv );

 		$allowed_fields = array(
-			'ID',
-			'display_name',
+			'id',
 			'user_login',
+			'user_pass',
 			'user_nicename',
 			'user_email',
 			'user_url',
 			'user_registered',
+			'user_activation_key',
+			'user_status',
+			'display_name',
 		);
+		if ( is_multisite() ) {
+			$allowed_fields[] = 'spam';
+			$allowed_fields[] = 'deleted';
+		}

 		if ( is_array( $qv['fields'] ) ) {
+			$qv['fields'] = array_map( 'strtolower', $qv['fields'] );
 			$qv['fields'] = array_intersect( array_unique( $qv['fields'] ), $allowed_fields );

 			if ( empty( $qv['fields'] ) ) {
-				$qv['fields'] = array( 'ID' );
+				$qv['fields'] = array( 'id' );
 			}

 			$this->query_fields = array();
 			foreach ( $qv['fields'] as $field ) {
-				$field                = 'ID' === $field ? 'ID' : sanitize_key( $field );
+				$field                = 'id' === $field ? 'ID' : sanitize_key( $field );
 				$this->query_fields[] = "$wpdb->users.$field";
 			}
 			$this->query_fields = implode( ',', $this->query_fields );
@@ -302,7 +315,7 @@ class WP_User_Query {
 		} elseif ( ! in_array( $qv['fields'], $allowed_fields, true ) ) {
 			$this->query_fields = "$wpdb->users.ID";
 		} else {
-			$field              = 'ID' === $qv['fields'] ? 'ID' : sanitize_key( $qv['fields'] );
+			$field              = 'id' === strtolower( $qv['fields'] ) ? 'ID' : sanitize_key( $qv['fields'] );
 			$this->query_fields = "$wpdb->users.$field";
 		}

@@ -822,8 +835,14 @@ class WP_User_Query {
 		if ( ! $this->results ) {
 			return;
 		}
-
-		if ( 'all_with_meta' === $qv['fields'] ) {
+		if (
+			is_array( $qv['fields'] ) &&
+			isset( $this->results[0]->ID )
+		) {
+			foreach ( $this->results as $result ) {
+				$result->id = $result->ID;
+			}
+		} elseif ( 'all_with_meta' === $qv['fields'] ) {
 			cache_users( $this->results );

 			$r = array();