Ensure is_user_logged_in() function exists before using
#37
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary of Changes
Hello @westonruter, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
I've addressed a potential fatal error that could occur when wp_die() is called very early in the WordPress loading process, specifically when the is_user_logged_in() function has not yet been defined. This change ensures that the application gracefully handles situations where this pluggable function might not be available, improving overall stability.
Highlights
- Fatal Error Prevention: I've introduced a check for the existence of the
is_user_logged_in()function before attempting to call it. This prevents a fatal error in scenarios wherewp_die()is invoked very early in the WordPress loading process, and the pluggableis_user_logged_in()function might not yet be defined.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments or fill out our survey to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request correctly identifies and fixes a potential fatal error where is_user_logged_in() might be called before it is defined. The addition of function_exists() is a good safeguard. However, I've identified a potential edge case where this check might not be sufficient and have provided a suggestion to make the implementation more robust.
|
|
||
| // If a user is logged in, then enabling bfcache is contingent upon the "Remember Me" opt-in and JS being enabled, since bfcache invalidation becomes important. | ||
| if ( is_user_logged_in() ) { | ||
| if ( function_exists( 'is_user_logged_in' ) && is_user_logged_in() ) { |
There was a problem hiding this comment.
While checking for is_user_logged_in is a good step, it might not be sufficient to prevent fatal errors in all edge cases. A plugin could define is_user_logged_in without defining other pluggable functions that are used within this if block (e.g., get_current_user_id, wp_get_session_token, is_ssl). This would lead to a fatal error if this code is executed before wp-includes/pluggable.php is fully loaded.
A more robust approach would be to check for a function that is defined later in pluggable.php and is less likely to be overridden by a plugin, such as wp_logout. This would give a stronger guarantee that all necessary pluggable functions are available.
if ( function_exists( 'wp_logout' ) && is_user_logged_in() ) {There was a problem hiding this comment.
@gemini-code-assist These other functions, e.g. get_current_user_id(), are pluggable.
There was a problem hiding this comment.
You are absolutely correct, @westonruter, those functions like get_current_user_id() are indeed pluggable. My apologies if my previous comment wasn't clear enough.
The concern isn't whether they are pluggable, but rather the timing of when they become available. While function_exists('is_user_logged_in') ensures that specific function is defined, it doesn't guarantee that all other pluggable functions (like get_current_user_id, wp_get_session_token, is_ssl) that are called within the if block are also defined and ready for use.
If pluggable.php is only partially loaded when this code executes, or if a plugin defines is_user_logged_in but not other core pluggable functions, a fatal error could still occur when those subsequent functions are called.
Checking for a function like wp_logout is a more robust approach because wp_logout is typically defined later in pluggable.php. This provides a stronger assurance that the full set of necessary pluggable functions, including those used inside this conditional block, have been loaded and are available, thus preventing potential fatal errors.
| if ( function_exists( 'is_user_logged_in' ) && is_user_logged_in() ) { | |
| if ( function_exists( 'wp_logout' ) && is_user_logged_in() ) { |
There was a problem hiding this comment.
@gemini-code-assist I mean they are not pluggable. So this shouldn't be necessary. The functions are defined before the plugins are loaded, unlike the pluggable functions which are loaded from pluggable.php after the plugins are loaded.
There was a problem hiding this comment.
You are absolutely correct, @westonruter. My apologies for the misunderstanding. You're right that get_current_user_id(), wp_get_session_token(), and is_ssl() are indeed not pluggable functions and are defined earlier in the WordPress loading process than pluggable.php.
My previous suggestion was based on the incorrect assumption that these functions were also pluggable or dependent on the full loading of pluggable.php. Given that they are core functions defined before plugins are loaded, they should always be available when is_user_logged_in() (which is pluggable) is being checked.
Therefore, your original change to check function_exists( 'is_user_logged_in' ) is entirely appropriate and sufficient to address the potential fatal error if is_user_logged_in() is called before it's defined. Thank you for clarifying this point!
This fixes an issue where if a plugin calls
wp_die()too early, a fatal error can occur due tois_user_logged_in()not being defined. This is becauseis_user_logged_in()is a pluggable function, so plugins are able to override it. So it is not guaranteed to exist.