Timestamp:
04/27/2018 05:30:28 PM (4 years ago)
Author:
azaozz
Message:

Privacy: update and enhance the method to confirm user requests by email. Introduce WP_User_Request to hold all request vars similarly to WP_Post.

Props mikejolley.
See #43443.

File:
1 edited

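--- a/trunk/src/wp-includes/user.php
+++ b/trunk/src/wp-includes/user.php
@@ -2841,5 +2841,5 @@
     }
 
-    if ( ! in_array( $request_data['status'], array( 'request-pending', 'request-failed' ), true ) ) {
+    if ( ! in_array( $request_data->status, array( 'request-pending', 'request-failed' ), true ) ) {
         return;
     }
@@ -2847,5 +2847,5 @@
     update_post_meta( $request_id, '_wp_user_request_confirmed_timestamp', time() );
     wp_update_post( array(
-        'ID'          => $request_data['request_id'],
+        'ID'          => $request_id,
         'post_status' => 'request-confirmed',
     ) );
@@ -2863,5 +2863,5 @@
     $request = wp_get_user_request_data( $request_id );
 
-    if ( $request && in_array( $request['action'], _wp_privacy_action_request_types(), true ) ) {
+    if ( $request && in_array( $request->action_name, _wp_privacy_action_request_types(), true ) ) {
         $message = '<p class="message">' . __( 'Action has been confirmed.' ) . '</p>';
         $message .= __( 'The site administrator has been notified and will fulfill your request as soon as possible.' );
@@ -2901,14 +2901,9 @@
     // Check for duplicates.
     $requests_query = new WP_Query( array(
-        'post_type'   => 'user_request',
-        'title'       => $action_name,
-        'post_status' => 'any',
-        'fields'      => 'ids',
-        'meta_query'  => array(
-            array(
-                'key'     => '_wp_user_request_user_email',
-                'value'   => $email_address,
-            ),
-        ),
+        'post_type'     => 'user_request',
+        'post_name__in' => array( $action_name ),  // Action name stored in post_name column.
+        'title'         => $email_address, // Email address stored in post_title column.
+        'post_status'   => 'any',
+        'fields'        => 'ids',
     ) );
 
@@ -2919,5 +2914,6 @@
     $request_id = wp_insert_post( array(
         'post_author'   => $user_id,
-        'post_title'    => $action_name,
+        'post_name'     => $action_name,
+        'post_title'    => $email_address,
         'post_content'  => wp_json_encode( $request_data ),
         'post_status'   => 'request-pending',
@@ -2926,11 +2922,4 @@
         'post_date_gmt' => current_time( 'mysql', true ),
     ), true );
-
-    if ( is_wp_error( $request_id ) ) {
-        return $request_id;
-    }
-
-    update_post_meta( $request_id, '_wp_user_request_user_email', $email_address );
-    update_post_meta( $request_id, '_wp_user_request_confirmed_timestamp', false );
 
     return $request_id;
@@ -2964,5 +2953,5 @@
      * @param string $description The default description.
      * @param string $action_name The name of the request.
-     */             
+     */
     return apply_filters( 'user_request_action_description', $description, $action_name );
 }
@@ -2980,23 +2969,13 @@
 function wp_send_user_request( $request_id ) {
     $request_id = absint( $request_id );
-    $request    = get_post( $request_id );
-
-    if ( ! $request || 'user_request' !== $request->post_type ) {
+    $request    = wp_get_user_request_data( $request_id );
+
+    if ( ! $request ) {
         return new WP_Error( 'user_request_error', __( 'Invalid request.' ) );
     }
 
-    if ( 'request-pending' !== $request->post_status ) {
-        wp_update_post( array(
-            'ID'            => $request_id,
-            'post_status'   => 'request-pending',
-            'post_date'     => current_time( 'mysql', false ),
-            'post_date_gmt' => current_time( 'mysql', true ),
-        ) );
-    }
-
     $email_data = array(
-        'action_name' => $request->post_title,
-        'email'       => get_post_meta( $request->ID, '_wp_user_request_user_email', true ),
-        'description' => wp_user_request_action_description( $request->post_title ),
+        'email'       => $request->email,
+        'description' => wp_user_request_action_description( $request->action_name ),
         'confirm_url' => add_query_arg( array(
             'action'      => 'confirmaction',
@@ -3046,10 +3025,10 @@
      *     Data relating to the account action email.
      *
-     *     @type string $action_name Name of the action being performed.
-     *     @type string $email       The email address this is being sent to.
-     *     @type string $description Description of the action being performed so the user knows what the email is for.
-     *     @type string $confirm_url The link to click on to confirm the account action.
-     *     @type string $sitename    The site name sending the mail.
-     *     @type string $siteurl     The site URL sending the mail.
+     *     @type WP_User_Request $request User request object.
+     *     @type string          $email       The email address this is being sent to.
+     *     @type string          $description Description of the action being performed so the user knows what the email is for.
+     *     @type string          $confirm_url The link to click on to confirm the account action.
+     *     @type string          $sitename    The site name sending the mail.
+     *     @type string          $siteurl     The site URL sending the mail.
      * }
      */
@@ -3067,5 +3046,5 @@
 
 /**
- * Returns a confirmation key for a user action and stores the hashed version.
+ * Returns a confirmation key for a user action and stores the hashed version for future comparison.
  *
  * @since 4.9.6
@@ -3086,6 +3065,11 @@
     }
 
-    update_post_meta( $request_id, '_wp_user_request_confirm_key', $wp_hasher->HashPassword( $key ) );
-    update_post_meta( $request_id, '_wp_user_request_confirm_key_timestamp', time() );
+    wp_update_post( array(
+        'ID'                => $request_id,
+        'post_status'       => 'request-pending',
+        'post_password'     => $wp_hasher->HashPassword( $key ),
+        'post_modified'     => current_time( 'mysql', false ),
+        'post_modified_gmt' => current_time( 'mysql', true ),
+    ) );
 
     return $key;
@@ -3111,5 +3095,5 @@
     }
 
-    if ( ! in_array( $request['status'], array( 'request-pending', 'request-failed' ), true ) ) {
+    if ( ! in_array( $request->status, array( 'request-pending', 'request-failed' ), true ) ) {
         return __( 'This link has expired.' );
     }
@@ -3124,6 +3108,6 @@
     }
 
-    $key_request_time = $request['confirm_key_timestamp'];
-    $saved_key        = $request['confirm_key'];
+    $key_request_time = $request->modified_timestamp;
+    $saved_key        = $request->confirm_key;
 
     if ( ! $saved_key ) {
@@ -3166,22 +3150,118 @@
 function wp_get_user_request_data( $request_id ) {
     $request_id = absint( $request_id );
-    $request    = get_post( $request_id );
-
-    if ( ! $request || 'user_request' !== $request->post_type ) {
+    $post       = get_post( $request_id );
+
+    if ( ! $post || 'user_request' !== $post->post_type ) {
         return false;
     }
 
-    return array(
-        'request_id'            => $request->ID,
-        'user_id'               => $request->post_author,
-        'email'                 => get_post_meta( $request->ID, '_wp_user_request_user_email', true ),
-        'action'                => $request->post_title,
-        'requested_timestamp'   => strtotime( $request->post_date_gmt ),
-        'confirmed_timestamp'   => get_post_meta( $request->ID, '_wp_user_request_confirmed_timestamp', true ),
-        'completed_timestamp'   => get_post_meta( $request->ID, '_wp_user_request_completed_timestamp', true ),
-        'request_data'          => json_decode( $request->post_content, true ),
-        'status'                => $request->post_status,
-        'confirm_key'           => get_post_meta( $request_id, '_wp_user_request_confirm_key', true ),
-        'confirm_key_timestamp' => get_post_meta( $request_id, '_wp_user_request_confirm_key_timestamp', true ),
-    );
-}
+    return new WP_User_Request( $post );
+}
+
+/**
+ * WP_User_Request class.
+ *
+ * Represents user request data loaded from a WP_Post object.
+ *
+ * @since 4.9.6
+ */
+final class WP_User_Request {
+    /**
+     * Request ID.
+     *
+     * @var int
+     */
+    public $ID = 0;
+
+    /**
+     * User ID.
+     *
+     * @var int
+     */
+
+    public $user_id = 0;
+
+    /**
+     * User email.
+     *
+     * @var int
+     */
+    public $email = '';
+
+    /**
+     * Action name.
+     *
+     * @var string
+     */
+    public $action_name = '';
+
+    /**
+     * Current status.
+     *
+     * @var string
+     */
+    public $status = '';
+
+    /**
+     * Timestamp this request was created.
+     *
+     * @var int|null
+     */
+    public $created_timestamp = null;
+
+    /**
+     * Timestamp this request was last modified.
+     *
+     * @var int|null
+     */
+    public $modified_timestamp = null;
+
+    /**
+     * Timestamp this request was confirmed.
+     *
+     * @var int
+     */
+    public $confirmed_timestamp = null;
+
+    /**
+     * Timestamp this request was completed.
+     *
+     * @var int
+     */
+    public $completed_timestamp = null;
+
+    /**
+     * Misc data assigned to this request.
+     *
+     * @var array
+     */
+    public $request_data = array();
+
+    /**
+     * Key used to confirm this request.
+     *
+     * @var string
+     */
+    public $confirm_key = '';
+
+    /**
+     * Constructor.
+     *
+     * @since 4.9.6
+     *
+     * @param WP_Post|object $post Post object.
+     */
+    public function __construct( $post ) {
+        $this->ID                  = $post->ID;
+        $this->user_id             = $post->post_author;
+        $this->email               = $post->post_title;
+        $this->action_name         = $post->post_name;
+        $this->status              = $post->post_status;
+        $this->created_timestamp   = strtotime( $post->post_date_gmt );
+        $this->modified_timestamp  = strtotime( $post->post_modified_gmt );
+        $this->confirmed_timestamp = (int) get_post_meta( $post->ID, '_wp_user_request_confirmed_timestamp', true );
+        $this->completed_timestamp = (int) get_post_meta( $post->ID, '_wp_user_request_completed_timestamp', true );
+        $this->request_data        = json_decode( $post->post_content, true );
+        $this->confirm_key         = $post->post_password;
+    }
+}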
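Review bot: The expiry check now takes `$key_request_time = $request->modified_timestamp;`, which the constructor derives from `post_modified_gmt`, so the age of the confirmation key is tied to a column that is not specific to key issuance. wp_update_post() refreshes the modified date on every update, so any later write to the request post while it is still `request-pending` or `request-failed` would restart the expiry window for an already-mailed key without issuing a new one. Consider keeping a timestamp that is written only when the key is generated, for example retaining `update_post_meta( $request_id, '_wp_user_request_confirm_key_timestamp', time() );` next to the new wp_update_post() call and reading that value in the validation path. The key-generation and validation functions both start and end outside the visible hunks, so whether other code writes to the post in those states cannot be confirmed from this page.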