PHP notice when calling wp_insert_user

[westguard]

Hi Ben

We call the WordPress function wp_insert_user as part of our User Management add-on for WS Form (https://wsform.com). Our User Management add-on allows users to register a user using our forms. This is essentially a POST request from our form to a WordPress REST API endpoint.

If a customer has this plugin installed, when the submit our form they are getting the following notice:

Notice: Undefined index: expire_user_role in <root>/wp-content/plugins/expire-users/includes/expire-user.php on line 278

During this process, WordPress fires the user_register action, which in turn calls your save_extra_user_profile_fields method in Expire_User_Admin which is passed the $_POST global.

I think the issue is that you are not checking that the request is coming from a valid referring source. You do check to see if a user has the edit_user capability but if there was a way to stop that warning message when testing as an admin that would be great.

The line in question can be found here: https://github.com/benhuson/expire-users/blob/6362910e3d0c0553aec127d35cedf1b3fa4f49a2/includes/expire-user.php#L278C4-L278C4

The other lines in that method all check the $data array with isset, but that particular line does not.

Many thanks!

Mark