Skip to content

wp user update silently ignores typo'ed --user_pass flag #5286

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rklrkl opened this issue Sep 25, 2019 · 3 comments · May be fixed by wp-cli/entity-command#528
Open

wp user update silently ignores typo'ed --user_pass flag #5286

rklrkl opened this issue Sep 25, 2019 · 3 comments · May be fixed by wp-cli/entity-command#528
Labels
bug

Comments

@rklrkl
Copy link

rklrkl commented Sep 25, 2019

With WP-CLI 2.3.0, I accidentally typo'ed the --user_pass param to "wp user update" as --user-pass (i.e. a minus instead of an underscore). Here's what was output:

wp user update myuser --user-pass=mypass
Success: Updated user 1.

However, it didn't set "mypass" as the user password (it left it as the old one) and didn't report that --user-pass isn't a valid flag. When I used the correct --user_pass flag, I got the same success message but it did change the password to mypass. It needs to give an error message about --user-pass being a bad flag instead of a success message. I didn't check if this applies to similar typos with other user update flags (many of them have underscores).
@salcode
Copy link

salcode commented Oct 6, 2019

The wp user update documentation says the command accepts a number of parameters including the generic

--<field>=<value>

which is described as

One or more fields to update. For accepted fields, see wp_update_user().

The wp_update_user() documentation says

See also: wp_insert_user(): For what fields can be set in $userdata.

As far as I can tell this is an exhaustive list of the field values that can be used.

  • user_pass
  • user_nicename
  • user_url
  • user_email
  • display_name
  • nickname
  • first_name
  • last_name
  • description
  • rich_editing
  • user_registered
  • role
  • syntax_highlighting
  • comment_shortcuts
  • admin_color
  • use_ssl
  • show_admin_bar_front
  • locale

@salcode
Copy link

salcode commented Oct 6, 2019

This same behavior occurs with other update commands,

e.g.

The correct version

wp post update 1 --post_title="New title"

and a version with a typo (underscore _ is replaced with a dash -)

wp post update 1 --post-title="New title"

or a version with any invalid argument.

It would be nice to flag bad fields, perhaps with a warning.

wp post update 1 --notafield="New title"

All display

Success: Updated post 1.

@schlessera schlessera added the bug label Feb 5, 2020
@schlessera
Copy link
Member

Yes, I agree, WP-CLI should verify the flag against a whitelist. This would need to be kept in sync with the WordPress Core version, though, and we need to deal with the changes between Core versions as well.

I'm thinking about an external list of entities and their properties, with starting and/or ending version numbers for each. Having that outside of the individual commands would make it easier to maintain it and check it against new releases.

@karthick-murugan karthick-murugan linked a pull request Mar 20, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Validate Parameter Names in wp user update Command karthick-murugan/entity-command
3 participants
@schlessera @salcode @rklrkl