search

michaelryanmcneill / shibboleth

Shibboleth plugin for WordPress
https://wordpress.org/plugins/shibboleth/
19 stars 11 forks source link

Clicking the "Link Shibboleth Account" button from a different user's profile page gives Fatal error "Invalid User ID." #81

Closed jakeparis closed 1 year ago

jakeparis commented 2 years ago

When I click the "Link Shibboleth Account" button at the bottom of a different user's profile page, I get a WordPress fatal error with "Invalid User ID".

If I click the button from a user's own profile page, it works fine.

I have the plugin network enabled, but I've tried this from both a network user profile page, as well as a single site's user profile page.

Some debugging information

Not sure if it's helpful, but the error in question comes from /wp-admin/user-edit.php:23 

$user_id      = (int) $user_id;
$current_user = wp_get_current_user();
if ( ! defined( 'IS_PROFILE_PAGE' ) ) {
    define( 'IS_PROFILE_PAGE', ( $user_id == $current_user->ID ) );
}

if ( ! $user_id && IS_PROFILE_PAGE ) {
    $user_id = $current_user->ID;
} elseif ( ! $user_id && ! IS_PROFILE_PAGE ) {
    wp_die( __( 'Invalid user ID.' ) );
} elseif ( ! get_userdata( $user_id ) ) {
    wp_die( __( 'Invalid user ID.' ) );
}

And it's the second conditional that's true (! $user_id && ! IS_PROFILE_PAGE )

$user_id always seems to be 0.

jrchamp commented 2 years ago

Thanks @jakeparis. If I understand correctly, you're saying:

It seems that we should not be showing the button when a user is on another user's profile page. We may be able to use something like } elseif ( ! IS_PROFILE_PAGE ) { if we want to show a message that the user's profile is not linked between the current two clauses in the existing code: https://github.com/michaelryanmcneill/shibboleth/blob/f9bae4445778cd00a61a40942abeba5799a2ea8b/options-user.php#L156-L162

jakeparis commented 2 years ago

You understood correctly. In my opinion, the most reasonable course of action is, as you stated, to only display the "link shibboleth account" button when you're on your own profile page.