mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-02-06 15:41:08 +01:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Login and Registration: Set correct default values in wp_signon().

Browse Source 
The `$credentials['user_login']` and `$credentials['user_password']` parameters are passed by reference to the `wp_authenticate` action, and are at that point [https://www.php.net/manual/en/language.references.pass.php#124383 created as null] if they don't exist in the array.

This commit sets those values to an empty string, resolving two PHP 8.1 deprecation notices:
 * One from `preg_replace()` in `wp_strip_all_tags()` via `sanitize_user()` in `wp_authenticate()`:
{{{
Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated
}}}
 * One from `trim()` in `wp_authenticate()` itself:
{{{
Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated
}}}

Includes documenting the `$credentials` parameter using hash notation.

Follow-up to [6643], [37697].

Props lenasterg, TobiasBg, ocean90, afragen, lkraav, SergeyBiryukov.
Fixes #56850.

git-svn-id: https://develop.svn.wordpress.org/trunk@55301 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2023-02-09 01:29:42 +00:00
parent 33ba8c54aa
commit 7104aa0a9c
2 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/wp-includes/user.php
View File

@ -26,13 +26,24 @@
*
* @global string $auth_secure_cookie
*
* @param array $credentials Optional. User info in order to sign on.
* @param array $credentials {
* Optional. User info in order to sign on.
*
* @type string $user_login Username.
* @type string $user_password User password.
* @type bool $remember Whether to 'remember' the user. Increases the time
* that the cookie will be kept. Default false.
* }
* @param string|bool $secure_cookie Optional. Whether to use secure cookie.
* @return WP_User|WP_Error WP_User on success, WP_Error on failure.
*/
function wp_signon( $credentials = array(), $secure_cookie = '' ) {
if ( empty( $credentials ) ) {
$credentials = array(); // Back-compat for plugins passing an empty string.
$credentials = array(
'user_login' => '',
'user_password' => '',
'remember' => false,
);
if ( ! empty( $_POST['log'] ) ) {
$credentials['user_login'] = wp_unslash( $_POST['log'] );

19
tests/phpunit/tests/auth.php
View File

@ -444,6 +444,25 @@ class Tests_Auth extends WP_UnitTestCase {
$this->assertInstanceOf( 'WP_User', wp_signon() );
}
/**
* Tests that PHP 8.1 "passing null to non-nullable" deprecation notices
* are not thrown when `user_login` and `user_password` parameters are empty.
*
* The notices that we should not see:
* `Deprecated: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated`.
* `Deprecated: trim(): Passing null to parameter #1 ($string) of type string is deprecated`.
*
* @ticket 56850
*/
public function test_wp_signon_does_not_throw_deprecation_notices_with_default_parameters() {
$error = wp_signon();
$this->assertWPError( $error, 'The result should be an instance of WP_Error.' );
$error_codes = $error->get_error_codes();
$this->assertContains( 'empty_username', $error_codes, 'The "empty_username" error code should be present.' );
$this->assertContains( 'empty_password', $error_codes, 'The "empty_password" error code should be present.' );
}
/**
* HTTP Auth headers are used to determine the current user.
*