Make WordPress Core

Changeset 36679


Ignore:
Timestamp:
02/24/2016 03:33:14 PM (9 years ago)
Author:
ocean90
Message:

Multisite: Switch to a usermeta key for email confirmation.

To prevent inconsistent data across sites in a network the new email address is now stored in usermeta. Adds visual feedback for the case when an update has failed.
All existing options will be removed on a database upgrade.

Props MikeHansenMe, kovshenin, jeremyfelt, ocean90.
Fixes #23358.

Location:
trunk/src
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/ms.php

    r36640 r36679  
    343343        if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) {
    344344            $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address is already used." ), array( 'form-field' => 'email' ) );
    345             delete_option( $current_user->ID . '_new_email' );
     345            delete_user_meta( $current_user->ID, '_new_email' );
    346346            return;
    347347        }
     
    349349        $hash = md5( $_POST['email'] . time() . mt_rand() );
    350350        $new_user_email = array(
    351                 'hash' => $hash,
    352                 'newemail' => $_POST['email']
    353                 );
    354         update_option( $current_user->ID . '_new_email', $new_user_email );
     351            'hash' => $hash,
     352            'newemail' => $_POST['email']
     353        );
     354        update_user_meta( $current_user->ID, '_new_email', $new_user_email );
    355355
    356356        /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
     
    409409function new_user_email_admin_notice() {
    410410    global $pagenow;
    411     if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_option( get_current_user_id() . '_new_email' ) ) {
     411    if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) {
    412412        /* translators: %s: New email address */
    413         echo '<div class="update-nag">' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), esc_html( $email['newemail'] ) ) . '</div>';
     413        echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>';
    414414    }
    415415}
  • trunk/src/wp-admin/includes/upgrade.php

    r36416 r36679  
    16691669 * @since 4.5.0
    16701670 *
    1671  * @global int $wp_current_db_version
     1671 * @global int  $wp_current_db_version
     1672 * @global wpdb $wpdb
    16721673 */
    16731674function upgrade_450() {
    1674     global $wp_current_db_version;
    1675     if ( $wp_current_db_version < 36180 )
     1675    global $wp_current_db_version, $wpdb;
     1676
     1677    if ( $wp_current_db_version < 36180 ) {
    16761678        wp_clear_scheduled_hook( 'wp_maybe_auto_update' );
     1679    }
     1680
     1681    // Remove unused email confirmation options, moved to usermeta.
     1682    if ( $wp_current_db_version < 36679 && is_multisite() ) {
     1683        $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name REGEXP '^[0-9]+_new_email$'" );
     1684    }
    16771685}
    16781686
  • trunk/src/wp-admin/user-edit.php

    r36655 r36679  
    8383// Execute confirmed email change. See send_confirmation_on_profile_email().
    8484if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
    85     $new_email = get_option( $current_user->ID . '_new_email' );
    86     if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
     85    $new_email = get_user_meta( $current_user->ID, '_new_email', true );
     86    if ( $new_email && $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
    8787        $user = new stdClass;
    8888        $user->ID = $current_user->ID;
    8989        $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
    90         if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
     90        if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
    9191            $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
     92        }
    9293        wp_update_user( $user );
    93         delete_option( $current_user->ID . '_new_email' );
    94         wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
     94        delete_user_meta( $current_user->ID, '_new_email' );
     95        wp_redirect( add_query_arg( array( 'updated' => 'true' ), self_admin_url( 'profile.php' ) ) );
    9596        die();
     97    } else {
     98        wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) );
    9699    }
    97100} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
    98     delete_option( $current_user->ID . '_new_email' );
     101    delete_user_meta( $current_user->ID, '_new_email' );
    99102    wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
    100103    die();
     
    182185</div>
    183186<?php endif; ?>
     187<?php if ( isset( $_GET['error'] ) ) : ?>
     188<div class="notice notice-error">
     189    <?php if ( 'new-email' == $_GET['error'] ) : ?>
     190    <p><?php _e( 'Error while saving the new email address. Please try again.' ); ?></p>
     191    <?php endif; ?>
     192</div>
     193<?php endif; ?>
    184194<?php if ( isset( $errors ) && is_wp_error( $errors ) ) : ?>
    185195<div class="error"><p><?php echo implode( "</p>\n<p>", $errors->get_error_messages() ); ?></p></div>
     
    384394    <td><input type="email" name="email" id="email" value="<?php echo esc_attr( $profileuser->user_email ) ?>" class="regular-text ltr" />
    385395    <?php
    386     $new_email = get_option( $current_user->ID . '_new_email' );
     396    $new_email = get_user_meta( $current_user->ID, '_new_email', true );
    387397    if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) : ?>
    388398    <div class="updated inline">
  • trunk/src/wp-includes/version.php

    r36654 r36679  
    1212 * @global int $wp_db_version
    1313 */
    14 $wp_db_version = 36654;
     14$wp_db_version = 36679;
    1515
    1616/**
Note: See TracChangeset for help on using the changeset viewer.