Index: trunk/src/wp-admin/includes/user.php =================================================================== --- trunk/src/wp-admin/includes/user.php (revision 42228) +++ trunk/src/wp-admin/includes/user.php (revision 42343) @@ -30,9 +30,9 @@ function edit_user( $user_id = 0 ) { $wp_roles = wp_roles(); - $user = new stdClass; + $user = new stdClass; if ( $user_id ) { - $update = true; - $user->ID = (int) $user_id; - $userdata = get_userdata( $user_id ); + $update = true; + $user->ID = (int) $user_id; + $userdata = get_userdata( $user_id ); $user->user_login = wp_slash( $userdata->user_login ); } else { @@ -40,61 +40,73 @@ } - if ( !$update && isset( $_POST['user_login'] ) ) - $user->user_login = sanitize_user($_POST['user_login'], true); + if ( ! $update && isset( $_POST['user_login'] ) ) { + $user->user_login = sanitize_user( $_POST['user_login'], true ); + } $pass1 = $pass2 = ''; - if ( isset( $_POST['pass1'] ) ) + if ( isset( $_POST['pass1'] ) ) { $pass1 = $_POST['pass1']; - if ( isset( $_POST['pass2'] ) ) + } + if ( isset( $_POST['pass2'] ) ) { $pass2 = $_POST['pass2']; + } if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) { - $new_role = sanitize_text_field( $_POST['role'] ); - $potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false; + $new_role = sanitize_text_field( $_POST['role'] ); + $potential_role = isset( $wp_roles->role_objects[ $new_role ] ) ? $wp_roles->role_objects[ $new_role ] : false; // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. // Multisite super admins can freely edit their blog roles -- they possess all caps. - if ( ( is_multisite() && current_user_can( 'manage_sites' ) ) || $user_id != get_current_user_id() || ($potential_role && $potential_role->has_cap( 'edit_users' ) ) ) + if ( ( is_multisite() && current_user_can( 'manage_sites' ) ) || $user_id != get_current_user_id() || ( $potential_role && $potential_role->has_cap( 'edit_users' ) ) ) { $user->role = $new_role; + } // If the new role isn't editable by the logged-in user die with error $editable_roles = get_editable_roles(); - if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) ) + if ( ! empty( $new_role ) && empty( $editable_roles[ $new_role ] ) ) { wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 ); - } - - if ( isset( $_POST['email'] )) + } + } + + if ( isset( $_POST['email'] ) ) { $user->user_email = sanitize_text_field( wp_unslash( $_POST['email'] ) ); + } if ( isset( $_POST['url'] ) ) { - if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) { + if ( empty( $_POST['url'] ) || $_POST['url'] == 'http://' ) { $user->user_url = ''; } else { $user->user_url = esc_url_raw( $_POST['url'] ); - $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) ); - $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; - } - } - if ( isset( $_POST['first_name'] ) ) + $protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) ); + $user->user_url = preg_match( '/^(' . $protocols . '):/is', $user->user_url ) ? $user->user_url : 'http://' . $user->user_url; + } + } + if ( isset( $_POST['first_name'] ) ) { $user->first_name = sanitize_text_field( $_POST['first_name'] ); - if ( isset( $_POST['last_name'] ) ) + } + if ( isset( $_POST['last_name'] ) ) { $user->last_name = sanitize_text_field( $_POST['last_name'] ); - if ( isset( $_POST['nickname'] ) ) + } + if ( isset( $_POST['nickname'] ) ) { $user->nickname = sanitize_text_field( $_POST['nickname'] ); - if ( isset( $_POST['display_name'] ) ) + } + if ( isset( $_POST['display_name'] ) ) { $user->display_name = sanitize_text_field( $_POST['display_name'] ); - - if ( isset( $_POST['description'] ) ) + } + + if ( isset( $_POST['description'] ) ) { $user->description = trim( $_POST['description'] ); + } foreach ( wp_get_user_contact_methods( $user ) as $method => $name ) { - if ( isset( $_POST[$method] )) - $user->$method = sanitize_text_field( $_POST[$method] ); + if ( isset( $_POST[ $method ] ) ) { + $user->$method = sanitize_text_field( $_POST[ $method ] ); + } } if ( $update ) { - $user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' === $_POST['rich_editing'] ? 'false' : 'true'; - $user->syntax_highlighting = isset( $_POST['syntax_highlighting'] ) && 'false' === $_POST['syntax_highlighting'] ? 'false' : 'true'; - $user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh'; + $user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' === $_POST['rich_editing'] ? 'false' : 'true'; + $user->syntax_highlighting = isset( $_POST['syntax_highlighting'] ) && 'false' === $_POST['syntax_highlighting'] ? 'false' : 'true'; + $user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh'; $user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false'; - $user->locale = ''; + $user->locale = ''; if ( isset( $_POST['locale'] ) ) { @@ -115,12 +127,14 @@ $user->use_ssl = 0; - if ( !empty($_POST['use_ssl']) ) + if ( ! empty( $_POST['use_ssl'] ) ) { $user->use_ssl = 1; + } $errors = new WP_Error(); /* checking that username has been typed */ - if ( $user->user_login == '' ) + if ( $user->user_login == '' ) { $errors->add( 'user_login', __( 'ERROR: Please enter a username.' ) ); + } /* checking that nickname has been typed */ @@ -146,5 +160,5 @@ // Check for "\" in password. - if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) ) { + if ( false !== strpos( wp_unslash( $pass1 ), '\\' ) ) { $errors->add( 'pass', __( 'ERROR: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) ); } @@ -155,12 +169,15 @@ } - if ( !empty( $pass1 ) ) + if ( ! empty( $pass1 ) ) { $user->user_pass = $pass1; - - if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) ) - $errors->add( 'user_login', __( 'ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' )); - - if ( !$update && username_exists( $user->user_login ) ) - $errors->add( 'user_login', __( 'ERROR: This username is already registered. Please choose another one.' )); + } + + if ( ! $update && isset( $_POST['user_login'] ) && ! validate_username( $_POST['user_login'] ) ) { + $errors->add( 'user_login', __( 'ERROR: This username is invalid because it uses illegal characters. Please enter a valid username.' ) ); + } + + if ( ! $update && username_exists( $user->user_login ) ) { + $errors->add( 'user_login', __( 'ERROR: This username is already registered. Please choose another one.' ) ); + } /** This filter is documented in wp-includes/user.php */ @@ -174,8 +191,8 @@ if ( empty( $user->user_email ) ) { $errors->add( 'empty_email', __( 'ERROR: Please enter an email address.' ), array( 'form-field' => 'email' ) ); - } elseif ( !is_email( $user->user_email ) ) { + } elseif ( ! is_email( $user->user_email ) ) { $errors->add( 'invalid_email', __( 'ERROR: The email address isn’t correct.' ), array( 'form-field' => 'email' ) ); - } elseif ( ( $owner_id = email_exists($user->user_email) ) && ( !$update || ( $owner_id != $user->ID ) ) ) { - $errors->add( 'email_exists', __('ERROR: This email is already registered, please choose another one.'), array( 'form-field' => 'email' ) ); + } elseif ( ( $owner_id = email_exists( $user->user_email ) ) && ( ! $update || ( $owner_id != $user->ID ) ) ) { + $errors->add( 'email_exists', __( 'ERROR: This email is already registered, please choose another one.' ), array( 'form-field' => 'email' ) ); } @@ -191,6 +208,7 @@ do_action_ref_array( 'user_profile_update_errors', array( &$errors, $update, &$user ) ); - if ( $errors->get_error_codes() ) + if ( $errors->get_error_codes() ) { return $errors; + } if ( $update ) { @@ -256,6 +274,7 @@ $user = get_userdata( $user_id ); - if ( $user ) + if ( $user ) { $user->filter = 'edit'; + } return $user; @@ -274,5 +293,5 @@ function get_users_drafts( $user_id ) { global $wpdb; - $query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id); + $query = $wpdb->prepare( "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id ); /** @@ -310,9 +329,10 @@ } - $id = (int) $id; + $id = (int) $id; $user = new WP_User( $id ); - if ( !$user->exists() ) + if ( ! $user->exists() ) { return false; + } // Normalize $reassign to null or a user ID. 'novalue' was an older default. @@ -354,29 +374,33 @@ $post_types_to_delete = apply_filters( 'post_types_to_delete_with_user', $post_types_to_delete, $id ); $post_types_to_delete = implode( "', '", $post_types_to_delete ); - $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_type IN ('$post_types_to_delete')", $id ) ); + $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_type IN ('$post_types_to_delete')", $id ) ); if ( $post_ids ) { - foreach ( $post_ids as $post_id ) + foreach ( $post_ids as $post_id ) { wp_delete_post( $post_id ); + } } // Clean links - $link_ids = $wpdb->get_col( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id) ); + $link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id ) ); if ( $link_ids ) { - foreach ( $link_ids as $link_id ) - wp_delete_link($link_id); + foreach ( $link_ids as $link_id ) { + wp_delete_link( $link_id ); + } } } else { $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id ) ); - $wpdb->update( $wpdb->posts, array('post_author' => $reassign), array('post_author' => $id) ); + $wpdb->update( $wpdb->posts, array( 'post_author' => $reassign ), array( 'post_author' => $id ) ); if ( ! empty( $post_ids ) ) { - foreach ( $post_ids as $post_id ) + foreach ( $post_ids as $post_id ) { clean_post_cache( $post_id ); - } - $link_ids = $wpdb->get_col( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id) ); - $wpdb->update( $wpdb->links, array('link_owner' => $reassign), array('link_owner' => $id) ); + } + } + $link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id ) ); + $wpdb->update( $wpdb->links, array( 'link_owner' => $reassign ), array( 'link_owner' => $id ) ); if ( ! empty( $link_ids ) ) { - foreach ( $link_ids as $link_id ) + foreach ( $link_ids as $link_id ) { clean_bookmark_cache( $link_id ); + } } } @@ -387,6 +411,7 @@ } else { $meta = $wpdb->get_col( $wpdb->prepare( "SELECT umeta_id FROM $wpdb->usermeta WHERE user_id = %d", $id ) ); - foreach ( $meta as $mid ) + foreach ( $meta as $mid ) { delete_metadata_by_mid( 'user', $mid ); + } $wpdb->delete( $wpdb->users, array( 'ID' => $id ) ); @@ -416,8 +441,8 @@ * @param int $id User ID. */ -function wp_revoke_user($id) { +function wp_revoke_user( $id ) { $id = (int) $id; - $user = new WP_User($id); + $user = new WP_User( $id ); $user->remove_all_caps(); } @@ -430,14 +455,15 @@ * @param false $errors Deprecated. */ -function default_password_nag_handler($errors = false) { +function default_password_nag_handler( $errors = false ) { global $user_ID; // Short-circuit it. - if ( ! get_user_option('default_password_nag') ) + if ( ! get_user_option( 'default_password_nag' ) ) { return; + } // get_user_setting = JS saved UI setting. else no-js-fallback code. - if ( 'hide' == get_user_setting('default_password_nag') || isset($_GET['default_password_nag']) && '0' == $_GET['default_password_nag'] ) { - delete_user_setting('default_password_nag'); - update_user_option($user_ID, 'default_password_nag', false, true); + if ( 'hide' == get_user_setting( 'default_password_nag' ) || isset( $_GET['default_password_nag'] ) && '0' == $_GET['default_password_nag'] ) { + delete_user_setting( 'default_password_nag' ); + update_user_option( $user_ID, 'default_password_nag', false, true ); } } @@ -449,15 +475,16 @@ * @param object $old_data */ -function default_password_nag_edit_user($user_ID, $old_data) { +function default_password_nag_edit_user( $user_ID, $old_data ) { // Short-circuit it. - if ( ! get_user_option('default_password_nag', $user_ID) ) + if ( ! get_user_option( 'default_password_nag', $user_ID ) ) { return; - - $new_data = get_userdata($user_ID); + } + + $new_data = get_userdata( $user_ID ); // Remove the nag if the password has been changed. if ( $new_data->user_pass != $old_data->user_pass ) { - delete_user_setting('default_password_nag'); - update_user_option($user_ID, 'default_password_nag', false, true); + delete_user_setting( 'default_password_nag' ); + update_user_option( $user_ID, 'default_password_nag', false, true ); } } @@ -471,14 +498,15 @@ global $pagenow; // Short-circuit it. - if ( 'profile.php' == $pagenow || ! get_user_option('default_password_nag') ) + if ( 'profile.php' == $pagenow || ! get_user_option( 'default_password_nag' ) ) { return; + } echo '
'; - echo '' . __('Notice:') . ' '; - _e('You’re using the auto-generated password for your account. Would you like to change it?'); + echo '' . __( 'Notice:' ) . ' '; + _e( 'You’re using the auto-generated password for your account. Would you like to change it?' ); echo '
'; - printf( '' . __('Yes, take me to my profile page') . ' | ', get_edit_profile_url() . '#password' ); - printf( '' . __('No thanks, do not remind me again') . '', '?default_password_nag=0' ); + printf( '' . __( 'Yes, take me to my profile page' ) . ' | ', get_edit_profile_url() . '#password' ); + printf( '' . __( 'No thanks, do not remind me again' ) . '', '?default_password_nag=0' ); echo '