
Changeset 25109


Timestamp:
08/23/13 21:42:23 (8 months ago)
Author:
azaozz
Message:

User state settings:

  • Allow empty cookie value to be saved.
  • Use get_current_user_id() instead of wp_get_current_user().
  • Use is_user_member_of_blog().
  • Sanitize both name and value in wp_set_all_user_settings().
  • Some var names and code formatting cleanup.

Fixes #24921.

File:
1 edited

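--- a/trunk/src/wp-includes/option.php
+++ b/trunk/src/wp-includes/option.php
@@ -542,35 +542,34 @@
         return;
 
-    if ( ! $user = wp_get_current_user() )
+    if ( ! $user_id = get_current_user_id() )
         return;
 
-    if ( is_super_admin( $user->ID ) &&
-        ! in_array( get_current_blog_id(), array_keys( get_blogs_of_user( $user->ID ) ) )
-        )
+    if ( is_super_admin() && ! is_user_member_of_blog() )
         return;
 
-    $settings = get_user_option( 'user-settings', $user->ID );
-
-    if ( isset( $_COOKIE['wp-settings-' . $user->ID] ) ) {
-        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user->ID] );
-
-        if ( ! empty( $cookie ) && strpos( $cookie, '=' ) ) {
-            if ( $cookie == $settings )
-                return;
-
-            $last_time = (int) get_user_option( 'user-settings-time', $user->ID );
-            $saved = isset( $_COOKIE['wp-settings-time-' . $user->ID]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user->ID] ) : 0;
-
-            if ( $saved > $last_time ) {
-                update_user_option( $user->ID, 'user-settings', $cookie, false );
-                update_user_option( $user->ID, 'user-settings-time', time() - 5, false );
-                return;
-            }
-        }
-    }
-
-    setcookie( 'wp-settings-' . $user->ID, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
-    setcookie( 'wp-settings-time-' . $user->ID, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
-    $_COOKIE['wp-settings-' . $user->ID] = $settings;
+    $settings = (string) get_user_option( 'user-settings', $user_id );
+
+    if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
+        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
+
+        // No change or both empty
+        if ( $cookie == $settings )
+            return;
+
+        $last_saved = (int) get_user_option( 'user-settings-time', $user_id );
+        $current = isset( $_COOKIE['wp-settings-time-' . $user_id]) ? preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user_id] ) : 0;
+
+        // The cookie is newer than the saved value. Update the user_option and leave the cookie as-is
+        if ( $current > $last_saved ) {
+            update_user_option( $user_id, 'user-settings', $cookie, false );
+            update_user_option( $user_id, 'user-settings-time', time() - 5, false );
+            return;
+        }
+    }
+
+    // The cookie is not set in the current browser or the saved value is newer.
+    setcookie( 'wp-settings-' . $user_id, $settings, time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
+    setcookie( 'wp-settings-time-' . $user_id, time(), time() + YEAR_IN_SECONDS, SITECOOKIEPATH );
+    $_COOKIE['wp-settings-' . $user_id] = $settings;
 }
 
@@ -587,8 +586,7 @@
  */
 function get_user_setting( $name, $default = false ) {
-
-    $all = get_all_user_settings();
-
-    return isset($all[$name]) ? $all[$name] : $default;
+    $all_user_settings = get_all_user_settings();
+
+    return isset( $all_user_settings[$name] ) ? $all_user_settings[$name] : $default;
 }
 
@@ -612,13 +610,8 @@
         return false;
 
-    $all = get_all_user_settings();
-    $name = preg_replace( '/[^A-Za-z0-9_]+/', '', $name );
-
-    if ( empty($name) )
-        return false;
-
-    $all[$name] = $value;
-
-    return wp_set_all_user_settings($all);
+    $all_user_settings = get_all_user_settings();
+    $all_user_settings[$name] = $value;
+
+    return wp_set_all_user_settings( $all_user_settings );
 }
 
@@ -641,16 +634,17 @@
         return false;
 
-    $all = get_all_user_settings();
+    $all_user_settings = get_all_user_settings();
     $names = (array) $names;
+    $deleted = false;
 
     foreach ( $names as $name ) {
-        if ( isset($all[$name]) ) {
-            unset($all[$name]);
+        if ( isset( $all_user_settings[$name] ) ) {
+            unset( $all_user_settings[$name] );
             $deleted = true;
         }
     }
 
-    if ( isset($deleted) )
-        return wp_set_all_user_settings($all);
+    if ( $deleted )
+        return wp_set_all_user_settings( $all_user_settings );
 
     return false;
@@ -669,24 +663,25 @@
     global $_updated_user_settings;
 
-    if ( ! $user = wp_get_current_user() )
+    if ( ! $user_id = get_current_user_id() )
         return array();
 
-    if ( isset($_updated_user_settings) && is_array($_updated_user_settings) )
+    if ( isset( $_updated_user_settings ) && is_array( $_updated_user_settings ) )
         return $_updated_user_settings;
 
-    $all = array();
-    if ( isset($_COOKIE['wp-settings-' . $user->ID]) ) {
-        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user->ID] );
-
-        if ( $cookie && strpos($cookie, '=') ) // the '=' cannot be 1st char
-            parse_str($cookie, $all);
-
-    } else {
-        $option = get_user_option('user-settings', $user->ID);
+    $user_settings = array();
+    if ( isset( $_COOKIE['wp-settings-' . $user_id] ) ) {
+        $cookie = preg_replace( '/[^A-Za-z0-9=&_]/', '', $_COOKIE['wp-settings-' . $user_id] );
+
+        if ( $cookie && strpos( $cookie, '=' ) ) // '=' cannot be 1st char
+            parse_str( $cookie, $user_settings );
+
+    } else {
+        $option = get_user_option( 'user-settings', $user_id );
         if ( $option && is_string($option) )
-            parse_str( $option, $all );
-    }
-
-    return $all;
+            parse_str( $option, $user_settings );
+    }
+
+    $_updated_user_settings = $user_settings;
+    return $user_settings;
 }
 
@@ -698,29 +693,30 @@
  * @since 2.8.0
  *
- * @param unknown $all
+ * @param array $user_settings
  * @return bool
  */
-function wp_set_all_user_settings($all) {
+function wp_set_all_user_settings( $user_settings ) {
     global $_updated_user_settings;
 
-    if ( ! $user = wp_get_current_user() )
+    if ( ! $user_id = get_current_user_id() )
         return false;
 
-    if ( is_super_admin( $user->ID ) &&
-        ! in_array( get_current_blog_id(), array_keys( get_blogs_of_user( $user->ID ) ) )
-        )
+    if ( is_super_admin() && ! is_user_member_of_blog() )
         return;
 
-    $_updated_user_settings = $all;
     $settings = '';
-    foreach ( $all as $k => $v ) {
-        $v = preg_replace( '/[^A-Za-z0-9_]+/', '', $v );
-        $settings .= $k . '=' . $v . '&';
+    foreach ( $user_settings as $name => $value ) {
+        $_name = preg_replace( '/[^A-Za-z0-9_]+/', '', $name );
+        $_value = preg_replace( '/[^A-Za-z0-9_]+/', '', $value );
+
+        if ( ! empty( $_name ) )
+            $settings .= $_name . '=' . $_value . '&';
     }
 
     $settings = rtrim($settings, '&');
-
-    update_user_option( $user->ID, 'user-settings', $settings, false );
-    update_user_option( $user->ID, 'user-settings-time', time(), false );
+    parse_str( $settings, $_updated_user_settings );
+
+    update_user_option( $user_id, 'user-settings', $settings, false );
+    update_user_option( $user_id, 'user-settings-time', time(), false );
 
     return true;
@@ -735,9 +731,9 @@
  */
 function delete_all_user_settings() {
-    if ( ! $user = wp_get_current_user() )
+    if ( ! $user_id = get_current_user_id() )
         return;
 
-    update_user_option( $user->ID, 'user-settings', '', false );
-    setcookie('wp-settings-' . $user->ID, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH);
+    update_user_option( $user_id, 'user-settings', '', false );
+    setcookie('wp-settings-' . $user_id, ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH);
 }
 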
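Review bot: In wp_user_settings the new `if ( $cookie == $settings )` (new line 556) compares a browser-supplied string with the stored option loosely, so two different values that PHP both reads as numeric strings (`100` and `1e2` both pass the `[A-Za-z0-9=&_]` filter) would be treated as equal and the cookie silently ignored; `if ( $cookie === $settings )` pins the intent stated in the `// No change or both empty` comment. Two lines below, `$current` stays a string after preg_replace (an empty string when the time cookie held no digits) while `$last_saved` is cast to int, so the `>` that decides whether the cookie overwrites the stored option depends on PHP's string-to-number comparison rules; `$current = isset( $_COOKIE['wp-settings-time-' . $user_id] ) ? (int) preg_replace( '/[^0-9]/', '', $_COOKIE['wp-settings-time-' . $user_id] ) : 0;` makes it an integer comparison. Both inputs to that decision come from the client, which is why the comparison should be as strict as the stored type allows. wp_user_settings begins before this hunk. In the later hunk, wp_set_all_user_settings is documented `@return bool` but the branch after the new `is_super_admin() && ! is_user_member_of_blog()` check still reaches a bare `return;`, so set_user_setting and delete_user_setting hand callers null where false is promised; `return false;` there would match the documented contract.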