From b3aae615bb915e2fa430de362af41cc03bbd69d0 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Sat, 29 Jan 2022 14:25:03 +0000 Subject: [PATCH] Users: Return a `WP_Error` from `wp_insert_user()` if the `user_url` field is too long. The `user_url` database field only allows up to 100 characters, and if the value is longer than that, the function should return a proper error message instead of silently failing. This complements similar checks for `user_login` and `user_nicename` fields. Follow-up to [45], [1575], [32299], [34218], [34626]. Props mkox, sabernhardt, tszming, SergeyBiryukov. Fixes #44107. Built from https://develop.svn.wordpress.org/trunk@52650 git-svn-id: http://core.svn.wordpress.org/trunk@52239 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/user.php | 4 ++++ wp-includes/version.php | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/wp-includes/user.php b/wp-includes/user.php index 3a11fa10bf..81944eda0e 100644 --- a/wp-includes/user.php +++ b/wp-includes/user.php @@ -2043,6 +2043,10 @@ function wp_insert_user( $userdata ) { */ $user_url = apply_filters( 'pre_user_url', $raw_user_url ); + if ( mb_strlen( $user_url ) > 100 ) { + return new WP_Error( 'user_url_too_long', __( 'User URL may not be longer than 100 characters.' ) ); + } + $user_registered = empty( $userdata['user_registered'] ) ? gmdate( 'Y-m-d H:i:s' ) : $userdata['user_registered']; $user_activation_key = empty( $userdata['user_activation_key'] ) ? '' : $userdata['user_activation_key']; diff --git a/wp-includes/version.php b/wp-includes/version.php index cc2124eee6..8f8e5f22d0 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.0-alpha-52649'; +$wp_version = '6.0-alpha-52650'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.