WordPress.org

Resolved Brian Henry
(@brianhenryie)

1 year, 3 months ago

Hi.

WO_Server::wp_oauth_authenticate_bypass() which is hooked to the determine_current_user filter returns null, which is incorrect/undesirable. Similarly, class-wo-api.php:309 runs apply_filters on determine_current_user with null as the input.

Where WordPress uses determine_current_user, e.g. _wp_get_current_user(), the value passed when the user id is not known is false, and the documentation says:

@param int|false $user_id User ID if one has been determined, false otherwise.
https://github.com/WordPress/WordPress/blob/17e2eff4aa3beb2802cbec12b6f08e2fbf69893d/wp-includes/user.php#L3618

Similarly false is used/expected in wp_validate_logged_in_cookie(), wp_validate_application_password(), and wp_validate_auth_cookie().

I came across this when I had strongly typed a function I had added to the determine_current_user filter and got a 500 error when the value came from WP OAuth. It would be nice if the code were to match the WordPress convention.

Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Justin Greer
(@justingreerbbi)

1 year, 3 months ago

Thank you for the feedback!

I will look into this and see if there would be a problem elsewhere if we did decided to change this.

It makes sense, so I will see what the options are.

Plugin Author Justin Greer
(@justingreerbbi)

1 year, 3 months ago

Thank you again for the feedback. We have updated this and will be pushing the update here in the near future.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘`determine_current_user` filter should return `false` not `null`’ is closed to new replies.

In: Plugins
2 replies
2 participants
Last reply from: Justin Greer
Last activity: 1 year, 3 months ago
Status: resolved