From 8b8312f8227cd89f09bb6503eeeb4cb67c867412 Mon Sep 17 00:00:00 2001 From: "Dominik Schilling (ocean90)" Date: Wed, 24 Feb 2016 15:33:14 +0000 Subject: [PATCH] Multisite: Switch to a usermeta key for email confirmation. To prevent inconsistent data across sites in a network the new email address is now stored in usermeta. Adds visual feedback for the case when an update has failed. All existing options will be removed on a database upgrade. Props MikeHansenMe, kovshenin, jeremyfelt, ocean90. Fixes #23358. git-svn-id: https://develop.svn.wordpress.org/trunk@36679 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/includes/ms.php | 14 +++++++------- src/wp-admin/includes/upgrade.php | 14 +++++++++++--- src/wp-admin/user-edit.php | 24 +++++++++++++++++------- src/wp-includes/version.php | 2 +- 4 files changed, 36 insertions(+), 18 deletions(-) diff --git a/src/wp-admin/includes/ms.php b/src/wp-admin/includes/ms.php index 5f9ba58024..6e8fb07ea3 100644 --- a/src/wp-admin/includes/ms.php +++ b/src/wp-admin/includes/ms.php @@ -342,16 +342,16 @@ function send_confirmation_on_profile_email() { if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) { $errors->add( 'user_email', __( "ERROR: The email address is already used." ), array( 'form-field' => 'email' ) ); - delete_option( $current_user->ID . '_new_email' ); + delete_user_meta( $current_user->ID, '_new_email' ); return; } $hash = md5( $_POST['email'] . time() . mt_rand() ); $new_user_email = array( - 'hash' => $hash, - 'newemail' => $_POST['email'] - ); - update_option( $current_user->ID . '_new_email', $new_user_email ); + 'hash' => $hash, + 'newemail' => $_POST['email'] + ); + update_user_meta( $current_user->ID, '_new_email', $new_user_email ); /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $email_text = __( 'Howdy ###USERNAME###, @@ -408,9 +408,9 @@ All at ###SITENAME### */ function new_user_email_admin_notice() { global $pagenow; - if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_option( get_current_user_id() . '_new_email' ) ) { + if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) { /* translators: %s: New email address */ - echo '
' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), esc_html( $email['newemail'] ) ) . '
'; + echo '

' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '' . esc_html( $email['newemail'] ) . '' ) . '

'; } } diff --git a/src/wp-admin/includes/upgrade.php b/src/wp-admin/includes/upgrade.php index 07de24677a..b4ae33857c 100644 --- a/src/wp-admin/includes/upgrade.php +++ b/src/wp-admin/includes/upgrade.php @@ -1668,12 +1668,20 @@ function upgrade_440() { * @ignore * @since 4.5.0 * - * @global int $wp_current_db_version + * @global int $wp_current_db_version + * @global wpdb $wpdb */ function upgrade_450() { - global $wp_current_db_version; - if ( $wp_current_db_version < 36180 ) + global $wp_current_db_version, $wpdb; + + if ( $wp_current_db_version < 36180 ) { wp_clear_scheduled_hook( 'wp_maybe_auto_update' ); + } + + // Remove unused email confirmation options, moved to usermeta. + if ( $wp_current_db_version < 36679 && is_multisite() ) { + $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name REGEXP '^[0-9]+_new_email$'" ); + } } /** diff --git a/src/wp-admin/user-edit.php b/src/wp-admin/user-edit.php index 0a38507a6c..bbf21f4510 100644 --- a/src/wp-admin/user-edit.php +++ b/src/wp-admin/user-edit.php @@ -82,20 +82,23 @@ if ( is_multisite() // Execute confirmed email change. See send_confirmation_on_profile_email(). if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) { - $new_email = get_option( $current_user->ID . '_new_email' ); - if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) { + $new_email = get_user_meta( $current_user->ID, '_new_email', true ); + if ( $new_email && $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) { $user = new stdClass; $user->ID = $current_user->ID; $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) ); - if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) + if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) { $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) ); + } wp_update_user( $user ); - delete_option( $current_user->ID . '_new_email' ); - wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) ); + delete_user_meta( $current_user->ID, '_new_email' ); + wp_redirect( add_query_arg( array( 'updated' => 'true' ), self_admin_url( 'profile.php' ) ) ); die(); + } else { + wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) ); } } elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) { - delete_option( $current_user->ID . '_new_email' ); + delete_user_meta( $current_user->ID, '_new_email' ); wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) ); die(); } @@ -181,6 +184,13 @@ include(ABSPATH . 'wp-admin/admin-header.php'); + +
+ +

+ +
+

\n

", $errors->get_error_messages() ); ?>

@@ -383,7 +393,7 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c ID . '_new_email' ); + $new_email = get_user_meta( $current_user->ID, '_new_email', true ); if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) : ?>