From 39fb7992a98a4a3d79619ee155d86512fbc4feae Mon Sep 17 00:00:00 2001
From: Boone Gorges
Date: Fri, 11 Sep 2015 02:25:23 +0000
Subject: [PATCH] Require numeric IDs in user deletion functions.

`wp_delete_user()` and `wpmu_delete_user()` both require an `$id` parameter. Previously, the functions did not verify that the value passed was, in fact, a number. As such, passing an object or any other entity that would be cast to int `1` would result in user 1 being deleted. We fix this by enforcing the requirement that `$id` be numeric.

Props dipesh.kakadiya, utkarshpatel, juliobox.
Fixes #33800.

Built from https://develop.svn.wordpress.org/trunk@34034

git-svn-id: http://core.svn.wordpress.org/trunk@34002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/ms.php | 4 ++++
 wp-admin/includes/user.php | 4 ++++
 wp-includes/version.php | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php
index b7e4c28631..2907d24735 100644
--- a/wp-admin/includes/ms.php
+++ b/wp-admin/includes/ms.php
@@ -185,6 +185,10 @@ function wpmu_delete_blog( $blog_id, $drop = false ) {
 function wpmu_delete_user( $id ) {
 	global $wpdb;
 
+	if ( ! is_numeric( $id ) ) {
+		return false;
+	}
+
 	$id = (int) $id;
 	$user = new WP_User( $id );
 
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 3c2e26e186..5c12d3d265 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -273,6 +273,10 @@ function get_users_drafts( $user_id ) {
 function wp_delete_user( $id, $reassign = null ) {
 	global $wpdb;
 
+	if ( ! is_numeric( $id ) ) {
+		return false;
+	}
+
 	$id = (int) $id;
 	$user = new WP_User( $id );
 
diff --git a/wp-includes/version.php b/wp-includes/version.php
index f5e144c569..1a7b6acfdf 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
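Review bot: The new `is_numeric( $id )` guard in `wpmu_delete_user()` still lets a value that is not an integer ID reach the `$id = (int) $id;` cast two lines below, so the silent-collapse-onto-another-user problem the commit describes is only narrowed, not closed: a float such as `1.9` and exponent strings such as `"1e3"` both pass `is_numeric()`, and the cast then truncates them (to `1` in both cases on PHP before 7.1). Since the cast is kept, the guard should also reject anything the cast would change, e.g. `if ( ! is_numeric( $id ) || (int) $id != $id ) {`. The function body continues past the end of the hunk, so whether a later `$user->exists()`-style check catches a resulting ID of 0 cannot be confirmed from here.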
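Review bot: In `wp_delete_user()` the added guard validates only `$id`, while the signature on the first hunk line also takes `$reassign`, which by its name and the function's purpose is presumably a second user ID; its handling is outside this hunk, so I cannot confirm whether it receives an equivalent check, but if it is cast with `(int)` the same way it deserves the same treatment. The guard itself has the same gap as in ms.php: `is_numeric()` accepts floats and exponent-form strings that the following `(int)` cast truncates, so `if ( ! is_numeric( $id ) || (int) $id != $id ) {` would be the stricter form. The new early `return false;` also changes the function's return contract, so the docblock above the function (outside the hunk) should document a `@return bool` with the non-numeric case.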
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.4-alpha-34033';
+$wp_version = '4.4-alpha-34034';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.