WordPress.org

Make WordPress Core


Ignore:
Timestamp:
02/24/2016 03:33:14 PM (4 years ago)
Author:
ocean90
Message:

Multisite: Switch to a usermeta key for email confirmation.

To prevent inconsistent data across sites in a network the new email address is now stored in usermeta. Adds visual feedback for the case when an update has failed.
All existing options will be removed on a database upgrade.

Props MikeHansenMe, kovshenin, jeremyfelt, ocean90.
Fixes #23358.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/user-edit.php

    r36655 r36679  
    8383// Execute confirmed email change. See send_confirmation_on_profile_email().
    8484if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
    85     $new_email = get_option( $current_user->ID . '_new_email' );
    86     if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
     85    $new_email = get_user_meta( $current_user->ID, '_new_email', true );
     86    if ( $new_email && $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
    8787        $user = new stdClass;
    8888        $user->ID = $current_user->ID;
    8989        $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
    90         if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
     90        if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
    9191            $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
     92        }
    9293        wp_update_user( $user );
    93         delete_option( $current_user->ID . '_new_email' );
    94         wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
     94        delete_user_meta( $current_user->ID, '_new_email' );
     95        wp_redirect( add_query_arg( array( 'updated' => 'true' ), self_admin_url( 'profile.php' ) ) );
    9596        die();
     97    } else {
     98        wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) );
    9699    }
    97100} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
    98     delete_option( $current_user->ID . '_new_email' );
     101    delete_user_meta( $current_user->ID, '_new_email' );
    99102    wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
    100103    die();
     
    182185</div>
    183186<?php endif; ?>
     187<?php if ( isset( $_GET['error'] ) ) : ?>
     188<div class="notice notice-error">
     189    <?php if ( 'new-email' == $_GET['error'] ) : ?>
     190    <p><?php _e( 'Error while saving the new email address. Please try again.' ); ?></p>
     191    <?php endif; ?>
     192</div>
     193<?php endif; ?>
    184194<?php if ( isset( $errors ) && is_wp_error( $errors ) ) : ?>
    185195<div class="error"><p><?php echo implode( "</p>\n<p>", $errors->get_error_messages() ); ?></p></div>
     
    384394    <td><input type="email" name="email" id="email" value="<?php echo esc_attr( $profileuser->user_email ) ?>" class="regular-text ltr" />
    385395    <?php
    386     $new_email = get_option( $current_user->ID . '_new_email' );
     396    $new_email = get_user_meta( $current_user->ID, '_new_email', true );
    387397    if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) : ?>
    388398    <div class="updated inline">
Note: See TracChangeset for help on using the changeset viewer.