We call the WordPress function wp_insert_user as part of our User Management add-on for WS Form (https://wsform.com). Our User Management add-on allows users to register a user using our forms. This is essentially a POST request from our form to a WordPress REST API endpoint.
If a customer has this plugin installed, when the submit our form they are getting the following notice:
Notice: Undefined index: expire_user_role in <root>/wp-content/plugins/expire-users/includes/expire-user.php on line 278
During this process, WordPress fires the user_register action, which in turn calls your save_extra_user_profile_fields method in Expire_User_Admin which is passed the $_POST global.
I think the issue is that you are not checking that the request is coming from a valid referring source. You do check to see if a user has the edit_user capability but if there was a way to stop that warning message when testing as an admin that would be great.
Hi Ben
We call the WordPress function wp_insert_user as part of our User Management add-on for WS Form (https://wsform.com). Our User Management add-on allows users to register a user using our forms. This is essentially a POST request from our form to a WordPress REST API endpoint.
If a customer has this plugin installed, when the submit our form they are getting the following notice:
Notice: Undefined index: expire_user_role in <root>/wp-content/plugins/expire-users/includes/expire-user.php on line 278
During this process, WordPress fires the user_register action, which in turn calls your save_extra_user_profile_fields method in Expire_User_Admin which is passed the $_POST global.
I think the issue is that you are not checking that the request is coming from a valid referring source. You do check to see if a user has the edit_user capability but if there was a way to stop that warning message when testing as an admin that would be great.
The line in question can be found here: https://github.com/benhuson/expire-users/blob/6362910e3d0c0553aec127d35cedf1b3fa4f49a2/includes/expire-user.php#L278C4-L278C4
The other lines in that method all check the $data array with isset, but that particular line does not.
Many thanks!
Mark