WordPress.org

Make WordPress Core

Changeset 25109


Ignore:
Timestamp:
08/23/2013 09:42:23 PM (5 years ago)
Author:
azaozz
Message:

User state settings:

  • Allow empty cookie value to be saved.
  • Use get_current_user_id() instead of wp_get_current_user().
  • Use is_user_member_of_blog().
  • Sanitize both name and value in wp_set_all_user_settings().
  • Some var names and code formatting cleanup.

Fixes #24921.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/option.php

    r25076 r25109  
    542542        return;
    543543
    544     if ( ! $user = wp_get_current_user() )
     544    if ( ! $user_id = get_current_user_id() )
    545545        return;
    546546
    547     if ( is_super_admin( $user->ID ) &&
    548         ! in_array( get_current_blog_id(), array_keys( get_blogs_of_user( $user->ID ) ) )
    549         )
     547    if ( is_super_admin() && ! is_user_member_of_blog() )
    550548        return;
    551549
    552     $settings = get_user_option( 'user-settings', $user->ID );
    553 
    554     if ( isset( $_COOKIE['wp-settings-' . $user->ID] ) ) {
    555         $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user->ID] );
    556 
    557         if ( ! empty( $cookie ) && strpos( $cookie, '=' ) ) {
    558             if ( $cookie == $settings )
    559                 return;
    560 
    561             $last_time = (int) get_user_option( 'user-settings-time', $user->ID );
    562             $saved = isset( $_COOKIE['wp-settings-time-' . $user->ID]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user->ID] ) : 0;
    563 
    564             if ( $saved > $last_time ) {
    565                 update_user_option( $user->ID, 'user-settings', $cookie, false );
    566                 update_user_option( $user->ID, 'user-settings-time', time() - 5, false );
    567                 return;
    568             }
    569         }
    570     }
    571 
    572     setcookie( 'wp-settings-' . $user->ID, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
    573     setcookie( 'wp-settings-time-' . $user->ID, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
    574     $_COOKIE['wp-settings-' . $user->ID] = $settings;
     550    $settings = (string) get_user_option( 'user-settings', $user_id );
     551
     552    if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
     553        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
     554
     555        // No change or both empty
     556        if ( $cookie == $settings )
     557            return;
     558
     559        $last_saved = (int) get_user_option( 'user-settings-time', $user_id );
     560        $current = isset( $_COOKIE['wp-settings-time-' . $user_id]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user_id] ) : 0;
     561
     562        // The cookie is newer than the saved value. Update the user_option and leave the cookie as-is
     563        if ( $current > $last_saved ) {
     564            update_user_option( $user_id, 'user-settings', $cookie, false );
     565            update_user_option( $user_id, 'user-settings-time', time() - 5, false );
     566            return;
     567        }
     568    }
     569
     570    // The cookie is not set in the current browser or the saved value is newer.
     571    setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
     572    setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
     573    $_COOKIE['wp-settings-' . $user_id] = $settings;
    575574}
    576575
     
    587586 */
    588587function get_user_setting( $name, $default = false ) {
    589 
    590     $all = get_all_user_settings();
    591 
    592     return isset($all[$name]) ? $all[$name] : $default;
     588    $all_user_settings = get_all_user_settings();
     589
     590    return isset( $all_user_settings[$name] ) ? $all_user_settings[$name] : $default;
    593591}
    594592
     
    612610        return false;
    613611
    614     $all = get_all_user_settings();
    615     $name = preg_replace( '/[^A-Za-z0-9_]+/', '', $name );
    616 
    617     if ( empty($name) )
    618         return false;
    619 
    620     $all[$name] = $value;
    621 
    622     return wp_set_all_user_settings($all);
     612    $all_user_settings = get_all_user_settings();
     613    $all_user_settings[$name] = $value;
     614
     615    return wp_set_all_user_settings( $all_user_settings );
    623616}
    624617
     
    641634        return false;
    642635
    643     $all = get_all_user_settings();
     636    $all_user_settings = get_all_user_settings();
    644637    $names = (array) $names;
     638    $deleted = false;
    645639
    646640    foreach ( $names as $name ) {
    647         if ( isset($all[$name]) ) {
    648             unset($all[$name]);
     641        if ( isset( $all_user_settings[$name] ) ) {
     642            unset( $all_user_settings[$name] );
    649643            $deleted = true;
    650644        }
    651645    }
    652646
    653     if ( isset($deleted) )
    654         return wp_set_all_user_settings($all);
     647    if ( $deleted )
     648        return wp_set_all_user_settings( $all_user_settings );
    655649
    656650    return false;
     
    669663    global $_updated_user_settings;
    670664
    671     if ( ! $user = wp_get_current_user() )
     665    if ( ! $user_id = get_current_user_id() )
    672666        return array();
    673667
    674     if ( isset($_updated_user_settings) && is_array($_updated_user_settings) )
     668    if ( isset( $_updated_user_settings ) && is_array( $_updated_user_settings ) )
    675669        return $_updated_user_settings;
    676670
    677     $all = array();
    678     if ( isset($_COOKIE['wp-settings-' . $user->ID]) ) {
    679         $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user->ID] );
    680 
    681         if ( $cookie && strpos($cookie, '=') ) // the '=' cannot be 1st char
    682             parse_str($cookie, $all);
    683 
    684     } else {
    685         $option = get_user_option('user-settings', $user->ID);
     671    $user_settings = array();
     672    if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
     673        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
     674
     675        if ( $cookie && strpos( $cookie, '=' ) ) // '=' cannot be 1st char
     676            parse_str( $cookie, $user_settings );
     677
     678    } else {
     679        $option = get_user_option( 'user-settings', $user_id );
    686680        if ( $option && is_string($option) )
    687             parse_str( $option, $all );
    688     }
    689 
    690     return $all;
     681            parse_str( $option, $user_settings );
     682    }
     683
     684    $_updated_user_settings = $user_settings;
     685    return $user_settings;
    691686}
    692687
     
    698693 * @since 2.8.0
    699694 *
    700  * @param unknown $all
     695 * @param array $user_settings
    701696 * @return bool
    702697 */
    703 function wp_set_all_user_settings($all) {
     698function wp_set_all_user_settings( $user_settings ) {
    704699    global $_updated_user_settings;
    705700
    706     if ( ! $user = wp_get_current_user() )
     701    if ( ! $user_id = get_current_user_id() )
    707702        return false;
    708703
    709     if ( is_super_admin( $user->ID ) &&
    710         ! in_array( get_current_blog_id(), array_keys( get_blogs_of_user( $user->ID ) ) )
    711         )
     704    if ( is_super_admin() && ! is_user_member_of_blog() )
    712705        return;
    713706
    714     $_updated_user_settings = $all;
    715707    $settings = '';
    716     foreach ( $all as $k => $v ) {
    717         $v = preg_replace( '/[^A-Za-z0-9_]+/', '', $v );
    718         $settings .= $k . '=' . $v . '&';
     708    foreach ( $user_settings as $name => $value ) {
     709        $_name = preg_replace( '/[^A-Za-z0-9_]+/', '', $name );
     710        $_value = preg_replace( '/[^A-Za-z0-9_]+/', '', $value );
     711
     712        if ( ! empty( $_name ) )
     713            $settings .= $_name . '=' . $_value . '&';
    719714    }
    720715
    721716    $settings = rtrim($settings, '&');
    722 
    723     update_user_option( $user->ID, 'user-settings', $settings, false );
    724     update_user_option( $user->ID, 'user-settings-time', time(), false );
     717    parse_str( $settings, $_updated_user_settings );
     718
     719    update_user_option( $user_id, 'user-settings', $settings, false );
     720    update_user_option( $user_id, 'user-settings-time', time(), false );
    725721
    726722    return true;
     
    735731 */
    736732function delete_all_user_settings() {
    737     if ( ! $user = wp_get_current_user() )
     733    if ( ! $user_id = get_current_user_id() )
    738734        return;
    739735
    740     update_user_option( $user->ID, 'user-settings', '', false );
    741     setcookie('wp-settings-' . $user->ID, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH);
     736    update_user_option( $user_id, 'user-settings', '', false );
     737    setcookie('wp-settings-' . $user_id, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH);
    742738}
    743739
Note: See TracChangeset for help on using the changeset viewer.