From 400ccba16751b0eacb2c645dbf46f2eddac63c28 Mon Sep 17 00:00:00 2001 From: Dion Hulse Date: Mon, 2 Mar 2026 14:32:59 +1000 Subject: [PATCH] Validate user existence before adding as co-author add_co_author() now verifies the user ID refers to an existing user before storing it in post meta. Prevents stale or invalid user IDs from accumulating in the co-authors list. Co-Authored-By: Claude Opus 4.6 --- includes/class-map-co-authors.php | 4 ++++ tests/Test_Co_Authors.php | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/includes/class-map-co-authors.php b/includes/class-map-co-authors.php index cc5664c..1b7de45 100644 --- a/includes/class-map-co-authors.php +++ b/includes/class-map-co-authors.php @@ -71,6 +71,10 @@ public static function add_co_author( int $post_id, int $user_id ): bool { return false; } + if ( ! get_userdata( $user_id ) ) { + return false; + } + // The post's original author never needs to be stored as a co-author. if ( (int) $post->post_author === $user_id ) { return true; diff --git a/tests/Test_Co_Authors.php b/tests/Test_Co_Authors.php index 045be2f..5556e3a 100644 --- a/tests/Test_Co_Authors.php +++ b/tests/Test_Co_Authors.php @@ -30,6 +30,11 @@ public function test_get_co_authors_returns_empty_array_by_default(): void { $this->assertSame( array(), Co_Authors::get_co_authors( $this->post_id ) ); } + public function test_add_co_author_rejects_nonexistent_user(): void { + $this->assertFalse( Co_Authors::add_co_author( $this->post_id, 999999 ) ); + $this->assertNotContains( 999999, Co_Authors::get_co_authors( $this->post_id ) ); + } + public function test_add_co_author_returns_true(): void { $this->assertTrue( Co_Authors::add_co_author( $this->post_id, $this->user_id ) ); }