Multisite: Switch to a usermeta key for email confirmation.

To prevent inconsistent data across sites in a network the new email address is now stored in usermeta. Adds visual feedback for the case when an update has failed.
All existing options will be removed on a database upgrade.

Props MikeHansenMe, kovshenin, jeremyfelt, ocean90.
Fixes #23358.

git-svn-id: https://develop.svn.wordpress.org/trunk@36679 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dominik Schilling (ocean90) 2016-02-24 15:33:14 +00:00
parent b464a4ba3a
commit 8b8312f822
4 changed files with 36 additions and 18 deletions

View File

@ -342,7 +342,7 @@ function send_confirmation_on_profile_email() {
if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) {
$errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address is already used." ), array( 'form-field' => 'email' ) );
delete_option( $current_user->ID . '_new_email' );
delete_user_meta( $current_user->ID, '_new_email' );
return;
}
@ -351,7 +351,7 @@ function send_confirmation_on_profile_email() {
'hash' => $hash,
'newemail' => $_POST['email']
);
update_option( $current_user->ID . '_new_email', $new_user_email );
update_user_meta( $current_user->ID, '_new_email', $new_user_email );
/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_text = __( 'Howdy ###USERNAME###,
@ -408,9 +408,9 @@ All at ###SITENAME###
*/
function new_user_email_admin_notice() {
global $pagenow;
if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_option( get_current_user_id() . '_new_email' ) ) {
if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) {
/* translators: %s: New email address */
echo '<div class="update-nag">' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), esc_html( $email['newemail'] ) ) . '</div>';
echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>';
}
}

View File

@ -1669,11 +1669,19 @@ function upgrade_440() {
* @since 4.5.0
*
* @global int $wp_current_db_version
* @global wpdb $wpdb
*/
function upgrade_450() {
global $wp_current_db_version;
if ( $wp_current_db_version < 36180 )
global $wp_current_db_version, $wpdb;
if ( $wp_current_db_version < 36180 ) {
wp_clear_scheduled_hook( 'wp_maybe_auto_update' );
}
// Remove unused email confirmation options, moved to usermeta.
if ( $wp_current_db_version < 36679 && is_multisite() ) {
$wpdb->query( "DELETE FROM $wpdb->options WHERE option_name REGEXP '^[0-9]+_new_email$'" );
}
}
/**

View File

@ -82,20 +82,23 @@ if ( is_multisite()
// Execute confirmed email change. See send_confirmation_on_profile_email().
if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
$new_email = get_option( $current_user->ID . '_new_email' );
if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
$new_email = get_user_meta( $current_user->ID, '_new_email', true );
if ( $new_email && $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
$user = new stdClass;
$user->ID = $current_user->ID;
$user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
}
wp_update_user( $user );
delete_option( $current_user->ID . '_new_email' );
wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
delete_user_meta( $current_user->ID, '_new_email' );
wp_redirect( add_query_arg( array( 'updated' => 'true' ), self_admin_url( 'profile.php' ) ) );
die();
} else {
wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) );
}
} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
delete_option( $current_user->ID . '_new_email' );
delete_user_meta( $current_user->ID, '_new_email' );
wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
die();
}
@ -181,6 +184,13 @@ include(ABSPATH . 'wp-admin/admin-header.php');
<?php endif; ?>
</div>
<?php endif; ?>
<?php if ( isset( $_GET['error'] ) ) : ?>
<div class="notice notice-error">
<?php if ( 'new-email' == $_GET['error'] ) : ?>
<p><?php _e( 'Error while saving the new email address. Please try again.' ); ?></p>
<?php endif; ?>
</div>
<?php endif; ?>
<?php if ( isset( $errors ) && is_wp_error( $errors ) ) : ?>
<div class="error"><p><?php echo implode( "</p>\n<p>", $errors->get_error_messages() ); ?></p></div>
<?php endif; ?>
@ -383,7 +393,7 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c
<th><label for="email"><?php _e('Email'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
<td><input type="email" name="email" id="email" value="<?php echo esc_attr( $profileuser->user_email ) ?>" class="regular-text ltr" />
<?php
$new_email = get_option( $current_user->ID . '_new_email' );
$new_email = get_user_meta( $current_user->ID, '_new_email', true );
if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) : ?>
<div class="updated inline">
<p><?php

View File

@ -11,7 +11,7 @@ $wp_version = '4.5-alpha-35776-src';
*
* @global int $wp_db_version
*/
$wp_db_version = 36654;
$wp_db_version = 36679;
/**
* Holds the TinyMCE version