Timestamp:
11/30/2017 11:09:33 PM (3 years ago)
Author:
pento
Message:

Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.

File:
1 edited

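--- a/trunk/src/wp-admin/includes/user.php
+++ b/trunk/src/wp-admin/includes/user.php
@@ -30,9 +30,9 @@
 function edit_user( $user_id = 0 ) {
     $wp_roles = wp_roles();
-    $user = new stdClass;
+    $user     = new stdClass;
     if ( $user_id ) {
-        $update = true;
-        $user->ID = (int) $user_id;
-        $userdata = get_userdata( $user_id );
+        $update           = true;
+        $user->ID         = (int) $user_id;
+        $userdata         = get_userdata( $user_id );
         $user->user_login = wp_slash( $userdata->user_login );
     } else {
@@ -40,61 +40,73 @@
     }
 
-    if ( !$update && isset( $_POST['user_login'] ) )
-        $user->user_login = sanitize_user($_POST['user_login'], true);
+    if ( ! $update && isset( $_POST['user_login'] ) ) {
+        $user->user_login = sanitize_user( $_POST['user_login'], true );
+    }
 
     $pass1 = $pass2 = '';
-    if ( isset( $_POST['pass1'] ) )
+    if ( isset( $_POST['pass1'] ) ) {
         $pass1 = $_POST['pass1'];
-    if ( isset( $_POST['pass2'] ) )
+    }
+    if ( isset( $_POST['pass2'] ) ) {
         $pass2 = $_POST['pass2'];
+    }
 
     if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
-        $new_role = sanitize_text_field( $_POST['role'] );
-        $potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
+        $new_role       = sanitize_text_field( $_POST['role'] );
+        $potential_role = isset( $wp_roles->role_objects[ $new_role ] ) ? $wp_roles->role_objects[ $new_role ] : false;
         // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
         // Multisite super admins can freely edit their blog roles -- they possess all caps.
-        if ( ( is_multisite() && current_user_can( 'manage_sites' ) ) || $user_id != get_current_user_id() || ($potential_role && $potential_role->has_cap( 'edit_users' ) ) )
+        if ( ( is_multisite() && current_user_can( 'manage_sites' ) ) || $user_id != get_current_user_id() || ( $potential_role && $potential_role->has_cap( 'edit_users' ) ) ) {
             $user->role = $new_role;
+        }
 
         // If the new role isn't editable by the logged-in user die with error
         $editable_roles = get_editable_roles();
-        if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) )
+        if ( ! empty( $new_role ) && empty( $editable_roles[ $new_role ] ) ) {
             wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
-    }
-
-    if ( isset( $_POST['email'] ))
+        }
+    }
+
+    if ( isset( $_POST['email'] ) ) {
         $user->user_email = sanitize_text_field( wp_unslash( $_POST['email'] ) );
+    }
     if ( isset( $_POST['url'] ) ) {
-        if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
+        if ( empty( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
             $user->user_url = '';
         } else {
             $user->user_url = esc_url_raw( $_POST['url'] );
-            $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
-            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
-        }
-    }
-    if ( isset( $_POST['first_name'] ) )
+            $protocols      = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
+            $user->user_url = preg_match( '/^(' . $protocols . '):/is', $user->user_url ) ? $user->user_url : 'http://' . $user->user_url;
+        }
+    }
+    if ( isset( $_POST['first_name'] ) ) {
         $user->first_name = sanitize_text_field( $_POST['first_name'] );
-    if ( isset( $_POST['last_name'] ) )
+    }
+    if ( isset( $_POST['last_name'] ) ) {
         $user->last_name = sanitize_text_field( $_POST['last_name'] );
-    if ( isset( $_POST['nickname'] ) )
+    }
+    if ( isset( $_POST['nickname'] ) ) {
         $user->nickname = sanitize_text_field( $_POST['nickname'] );
-    if ( isset( $_POST['display_name'] ) )
+    }
+    if ( isset( $_POST['display_name'] ) ) {
         $user->display_name = sanitize_text_field( $_POST['display_name'] );
-
-    if ( isset( $_POST['description'] ) )
+    }
+
+    if ( isset( $_POST['description'] ) ) {
         $user->description = trim( $_POST['description'] );
+    }
 
     foreach ( wp_get_user_contact_methods( $user ) as $method => $name ) {
-        if ( isset( $_POST[$method] ))
-            $user->$method = sanitize_text_field( $_POST[$method] );
+        if ( isset( $_POST[ $method ] ) ) {
+            $user->$method = sanitize_text_field( $_POST[ $method ] );
+        }
     }
 
     if ( $update ) {
-        $user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';
-        $user->syntax_highlighting = isset( $_POST['syntax_highlighting'] ) && 'false' === $_POST['syntax_highlighting'] ? 'false' : 'true';
-        $user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
+        $user->rich_editing         = isset( $_POST['rich_editing'] ) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';
+        $user->syntax_highlighting  = isset( $_POST['syntax_highlighting'] ) && 'false' === $_POST['syntax_highlighting'] ? 'false' : 'true';
+        $user->admin_color          = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
         $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';
-        $user->locale = '';
+        $user->locale               = '';
 
         if ( isset( $_POST['locale'] ) ) {
@@ -115,12 +127,14 @@
 
     $user->use_ssl = 0;
-    if ( !empty($_POST['use_ssl']) )
+    if ( ! empty( $_POST['use_ssl'] ) ) {
         $user->use_ssl = 1;
+    }
 
     $errors = new WP_Error();
 
     /* checking that username has been typed */
-    if ( $user->user_login == '' )
+    if ( $user->user_login == '' ) {
         $errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) );
+    }
 
     /* checking that nickname has been typed */
@@ -146,5 +160,5 @@
 
     // Check for "\" in password.
-    if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) ) {
+    if ( false !== strpos( wp_unslash( $pass1 ), '\\' ) ) {
         $errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
     }
@@ -155,12 +169,15 @@
     }
 
-    if ( !empty( $pass1 ) )
+    if ( ! empty( $pass1 ) ) {
         $user->user_pass = $pass1;
-
-    if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
-        $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
-
-    if ( !$update && username_exists( $user->user_login ) )
-        $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
+    }
+
+    if ( ! $update && isset( $_POST['user_login'] ) && ! validate_username( $_POST['user_login'] ) ) {
+        $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
+    }
+
+    if ( ! $update && username_exists( $user->user_login ) ) {
+        $errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
+    }
 
     /** This filter is documented in wp-includes/user.php */
@@ -174,8 +191,8 @@
     if ( empty( $user->user_email ) ) {
         $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an email address.' ), array( 'form-field' => 'email' ) );
-    } elseif ( !is_email( $user->user_email ) ) {
+    } elseif ( ! is_email( $user->user_email ) ) {
         $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ), array( 'form-field' => 'email' ) );
-    } elseif ( ( $owner_id = email_exists($user->user_email) ) && ( !$update || ( $owner_id != $user->ID ) ) ) {
-        $errors->add( 'email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array( 'form-field' => 'email' ) );
+    } elseif ( ( $owner_id = email_exists( $user->user_email ) ) && ( ! $update || ( $owner_id != $user->ID ) ) ) {
+        $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ), array( 'form-field' => 'email' ) );
     }
 
@@ -191,6 +208,7 @@
     do_action_ref_array( 'user_profile_update_errors', array( &$errors, $update, &$user ) );
 
-    if ( $errors->get_error_codes() )
+    if ( $errors->get_error_codes() ) {
         return $errors;
+    }
 
     if ( $update ) {
@@ -256,6 +274,7 @@
     $user = get_userdata( $user_id );
 
-    if ( $user )
+    if ( $user ) {
         $user->filter = 'edit';
+    }
 
     return $user;
@@ -274,5 +293,5 @@
 function get_users_drafts( $user_id ) {
     global $wpdb;
-    $query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id);
+    $query = $wpdb->prepare( "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id );
 
     /**
@@ -310,9 +329,10 @@
     }
 
-    $id = (int) $id;
+    $id   = (int) $id;
     $user = new WP_User( $id );
 
-    if ( !$user->exists() )
+    if ( ! $user->exists() ) {
         return false;
+    }
 
     // Normalize $reassign to null or a user ID. 'novalue' was an older default.
@@ -354,29 +374,33 @@
         $post_types_to_delete = apply_filters( 'post_types_to_delete_with_user', $post_types_to_delete, $id );
         $post_types_to_delete = implode( "', '", $post_types_to_delete );
-        $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_type IN ('$post_types_to_delete')", $id ) );
+        $post_ids             = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_type IN ('$post_types_to_delete')", $id ) );
         if ( $post_ids ) {
-            foreach ( $post_ids as $post_id )
+            foreach ( $post_ids as $post_id ) {
                 wp_delete_post( $post_id );
+            }
         }
 
         // Clean links
-        $link_ids = $wpdb->get_col( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id) );
+        $link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id ) );
 
         if ( $link_ids ) {
-            foreach ( $link_ids as $link_id )
-                wp_delete_link($link_id);
+            foreach ( $link_ids as $link_id ) {
+                wp_delete_link( $link_id );
+            }
         }
     } else {
         $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id ) );
-        $wpdb->update( $wpdb->posts, array('post_author' => $reassign), array('post_author' => $id) );
+        $wpdb->update( $wpdb->posts, array( 'post_author' => $reassign ), array( 'post_author' => $id ) );
         if ( ! empty( $post_ids ) ) {
-            foreach ( $post_ids as $post_id )
+            foreach ( $post_ids as $post_id ) {
                 clean_post_cache( $post_id );
-        }
-        $link_ids = $wpdb->get_col( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id) );
-        $wpdb->update( $wpdb->links, array('link_owner' => $reassign), array('link_owner' => $id) );
+            }
+        }
+        $link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id ) );
+        $wpdb->update( $wpdb->links, array( 'link_owner' => $reassign ), array( 'link_owner' => $id ) );
         if ( ! empty( $link_ids ) ) {
-            foreach ( $link_ids as $link_id )
+            foreach ( $link_ids as $link_id ) {
                 clean_bookmark_cache( $link_id );
+            }
         }
     }
@@ -387,6 +411,7 @@
     } else {
         $meta = $wpdb->get_col( $wpdb->prepare( "SELECT umeta_id FROM $wpdb->usermeta WHERE user_id = %d", $id ) );
-        foreach ( $meta as $mid )
+        foreach ( $meta as $mid ) {
             delete_metadata_by_mid( 'user', $mid );
+        }
 
         $wpdb->delete( $wpdb->users, array( 'ID' => $id ) );
@@ -416,8 +441,8 @@
  * @param int $id User ID.
  */
-function wp_revoke_user($id) {
+function wp_revoke_user( $id ) {
     $id = (int) $id;
 
-    $user = new WP_User($id);
+    $user = new WP_User( $id );
     $user->remove_all_caps();
 }
@@ -430,14 +455,15 @@
  * @param false $errors Deprecated.
  */
-function default_password_nag_handler($errors = false) {
+function default_password_nag_handler( $errors = false ) {
     global $user_ID;
     // Short-circuit it.
-    if ( ! get_user_option('default_password_nag') )
+    if ( ! get_user_option( 'default_password_nag' ) ) {
         return;
+    }
 
     // get_user_setting = JS saved UI setting. else no-js-fallback code.
-    if ( 'hide' == get_user_setting('default_password_nag') || isset($_GET['default_password_nag']) && '0' == $_GET['default_password_nag'] ) {
-        delete_user_setting('default_password_nag');
-        update_user_option($user_ID, 'default_password_nag', false, true);
+    if ( 'hide' == get_user_setting( 'default_password_nag' ) || isset( $_GET['default_password_nag'] ) && '0' == $_GET['default_password_nag'] ) {
+        delete_user_setting( 'default_password_nag' );
+        update_user_option( $user_ID, 'default_password_nag', false, true );
     }
 }
@@ -449,15 +475,16 @@
  * @param object $old_data
  */
-function default_password_nag_edit_user($user_ID, $old_data) {
+function default_password_nag_edit_user( $user_ID, $old_data ) {
     // Short-circuit it.
-    if ( ! get_user_option('default_password_nag', $user_ID) )
+    if ( ! get_user_option( 'default_password_nag', $user_ID ) ) {
         return;
-
-    $new_data = get_userdata($user_ID);
+    }
+
+    $new_data = get_userdata( $user_ID );
 
     // Remove the nag if the password has been changed.
     if ( $new_data->user_pass != $old_data->user_pass ) {
-        delete_user_setting('default_password_nag');
-        update_user_option($user_ID, 'default_password_nag', false, true);
+        delete_user_setting( 'default_password_nag' );
+        update_user_option( $user_ID, 'default_password_nag', false, true );
     }
 }
@@ -471,14 +498,15 @@
     global $pagenow;
     // Short-circuit it.
-    if ( 'profile.php' == $pagenow || ! get_user_option('default_password_nag') )
+    if ( 'profile.php' == $pagenow || ! get_user_option( 'default_password_nag' ) ) {
         return;
+    }
 
     echo '<div class="error default-password-nag">';
     echo '<p>';
-    echo '<strong>' . __('Notice:') . '</strong> ';
-    _e('You&rsquo;re using the auto-generated password for your account. Would you like to change it?');
+    echo '<strong>' . __( 'Notice:' ) . '</strong> ';
+    _e( 'You&rsquo;re using the auto-generated password for your account. Would you like to change it?' );
     echo '</p><p>';
-    printf( '<a href="%s">' . __('Yes, take me to my profile page') . '</a> | ', get_edit_profile_url() . '#password' );
-    printf( '<a href="%s" id="default-password-nag-no">' . __('No thanks, do not remind me again') . '</a>', '?default_password_nag=0' );
+    printf( '<a href="%s">' . __( 'Yes, take me to my profile page' ) . '</a> | ', get_edit_profile_url() . '#password' );
+    printf( '<a href="%s" id="default-password-nag-no">' . __( 'No thanks, do not remind me again' ) . '</a>', '?default_password_nag=0' );
     echo '</p></div>';
 }
@@ -488,5 +516,6 @@
  * @access private
  */
-function delete_users_add_js() { ?>
+function delete_users_add_js() {
+    ?>
 <script>
 jQuery(document).ready( function($) {
@@ -512,9 +541,9 @@
  * @param object $user User data object
  */
-function use_ssl_preference($user) {
+function use_ssl_preference( $user ) {
 ?>
     <tr class="user-use-ssl-wrap">
-        <th scope="row"><?php _e('Use https')?></th>
-        <td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked('1', $user->use_ssl); ?> /> <?php _e('Always use https when visiting the admin'); ?></label></td>
+        <th scope="row"><?php _e( 'Use https' ); ?></th>
+        <td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked( '1', $user->use_ssl ); ?> /> <?php _e( 'Always use https when visiting the admin' ); ?></label></td>
     </tr>
 <?php
@@ -522,5 +551,4 @@
 
 /**
- *
  * @param string $text
  * @return string
@@ -528,7 +556,9 @@
 function admin_created_user_email( $text ) {
     $roles = get_editable_roles();
-    $role = $roles[ $_REQUEST['role'] ];
+    $role  = $roles[ $_REQUEST['role'] ];
     /* translators: 1: Site name, 2: site URL, 3: role */
-    return sprintf( __( 'Hi,
+    return sprintf(
+        __(
+            'Hi,
 You\'ve been invited to join \'%1$s\' at
 %2$s with the role of %3$s.
@@ -537,4 +567,6 @@
 
 Please click the following link to activate your user account:
-%%s' ), wp_specialchars_decode( get_bloginfo( 'name' ), ENT_QUOTES ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ) );
-}
+%%s'
+        ), wp_specialchars_decode( get_bloginfo( 'name' ), ENT_QUOTES ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) )
+    );
+}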
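Review bot: The re-aligned query at new line 376 still places `$post_types_to_delete` directly inside the `IN ('…')` list, and that value is the joined return of the `post_types_to_delete_with_user` filter two lines above, so whatever a plugin returns from the filter reaches the SQL text unescaped; `$wpdb->prepare()` binds only `$id` here. Escaping each element before the join would close that gap: `$post_types_to_delete = implode( "', '", array_map( 'esc_sql', $post_types_to_delete ) );`. A literal `%` in a returned value would also be read by `prepare()` as a placeholder, which is another reason to keep filter output out of the format string. The enclosing function starts and ends outside this hunk, so any validation done earlier in it is not visible on this page.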