@sun sun commented Aug 1, 2025

Context

Problem

Stack trace

#0 /wp-includes/class-wp-hook.php(324): wp_validate_auth_cookie(false)
#1 /wp-includes/plugin.php(205): WP_Hook->apply_filters(false, Array)
#2 /wp-includes/user.php(3753): apply_filters('determine_curre...', false)
#3 /wp-includes/pluggable.php(70): _wp_get_current_user()
#4 /wp-includes/l10n.php(98): wp_get_current_user()
#5 /wp-includes/l10n.php(153): get_user_locale()
#6 /wp-includes/l10n.php(1364): determine_locale()
#7 /wp-includes/l10n.php(1409): _load_textdomain_just_in_time('jwt-auth')
#8 /wp-includes/l10n.php(195): get_translations_for_domain('jwt-auth')
#9 /wp-includes/l10n.php(307): translate('Authorization h...', 'jwt-auth')
#10 /wp-content/plugins/jwt-auth/class-auth.php(370): __('Authorization h...', 'jwt-auth')
#11 /wp-content/plugins/jwt-auth/class-auth.php(650): JWTAuth\Auth->validate_token(false)
#12 /wp-includes/class-wp-hook.php(324): JWTAuth\Auth->determine_current_user(false)
#13 /wp-includes/plugin.php(205): WP_Hook->apply_filters(false, Array)
#14 /wp-includes/user.php(3753): apply_filters('determine_curre...', false)
#15 /wp-includes/pluggable.php(70): _wp_get_current_user()
#16 /wp-includes/capabilities.php(911): wp_get_current_user()
#17 /wp-content/plugins/enable-media-replace/classes/emr-plugin.php(46): current_user_can('upload_files')
#18 /wp-includes/class-wp-hook.php(324): EnableMediaReplace\EnableMediaReplacePlugin->runtime('')
#19 /wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters(NULL, Array)
#20 /wp-includes/plugin.php(517): WP_Hook->do_action(Array)
#21 /wp-settings.php(578): do_action('plugins_loaded')
#22 /wp-config.php(76): require_once('...')
#23 /wp-load.php(50): require_once('...')
#24 /wp-blog-header.php(13): require_once('...')
#25 /index.php(17): require('...')

Code path

  1. determine_current_user gets invoked
  2. jwt-auth validates token and generates message for response with gettext string translation
  3. string translation checks user locale
  4. get_user_locale() invokes determine_current_user

Details

  • Balancing string translations with user authentication in this early stage of a request is hard.
  • It is possible that there are further possible code paths for infinite recursions in similar cross-dependencies (even before #139, "Fixed string translation is invoked before gettext domain is registered.").
  • Removing string translations from the response would resolve the problem in all cases.
  • But unless we find other cases, we can just shield the string translations.

Proposed solution

  1. Only invoke gettext string translation if the gettext domain has been loaded already.

@sun sun requested a review from dominic-ks August 1, 2025 12:04
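
The cycle from the code path above and the guard from the proposed solution, as an added PHP sketch that is not code from this pull request or from WordPress. Every `demo_*` function and the `$state` array are hypothetical stand-ins for the WordPress internals named in the comments, and the depth limit of 5 is a constructed substitute for stack exhaustion.

```php
<?php
// Added illustration: stand-ins for WordPress internals, not jwt-auth or core code.
$state = ['loaded' => [], 'depth' => 0, 'guarded' => false];
// Stand-in for apply_filters('determine_current_user', ...) with jwt-auth hooked in.
function demo_determine_current_user() {
    global $state;
    $state['depth']++;
    try {
        if ($state['depth'] > 5) {  // constructed limit; real PHP exhausts the stack
            throw new RuntimeException('determine_current_user re-entered');
        }
        demo_validate_token();
        return false;  // no user: the token was rejected
    } finally {
        $state['depth']--;
    }
}

// Stand-in for __(): an unloaded domain needs the user locale, which needs the user.
function demo_translate(string $text, string $domain): string {
    global $state;
    if (!in_array($domain, $state['loaded'], true)) {
        demo_determine_current_user();  // reached via get_user_locale()
        $state['loaded'][] = $domain;
    }
    return $text;
}

// Token check that builds an error message; 'guarded' applies the proposed solution.
function demo_validate_token(): string {
    global $state;
    $msg = 'token rejected (constructed message)';
    if ($state['guarded'] && !in_array('jwt-auth', $state['loaded'], true)) {
        return $msg;  // domain not loaded yet: return the untranslated string
    }
    return demo_translate($msg, 'jwt-auth');
}

function demo_run(bool $guarded): string {
    global $state;
    $state = ['loaded' => [], 'depth' => 0, 'guarded' => $guarded];
    try {
        demo_determine_current_user();
        return 'completed';
    } catch (RuntimeException $e) {
        return $e->getMessage();
    }
}
echo 'unguarded: ', demo_run(false), PHP_EOL, 'guarded: ', demo_run(true), PHP_EOL;
```

In a real plugin the loaded-domain check would use WordPress's `is_textdomain_loaded()`; whether the merged commit does so is an assumption, since the diff is not shown on this page.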
sun commented Aug 1, 2025

This is now deployed to our sites and seems to resolve the problems.

@sun sun mentioned this pull request Aug 4, 2025
@sun sun requested review from contactjavas and pesseba August 5, 2025 09:24
sun commented Aug 8, 2025

We should merge this ASAP to prevent people from running into the infinite recursion error if they download the latest code in master (since 2025-07-24). I need at least one approval to be able to merge.

@sun sun merged commit 174bbdc into usefulteam:master Aug 9, 2025