wordpress-develop/src/wp-admin/includes/user.php at master · futuregit/wordpress-develop

History

1723 lines (1499 loc) · 51.6 KB

Raw

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

508

509

510

511

512

513

514

515

516

517

518

519

520

521

522

523

524

525

526

527

528

529

530

531

532

533

534

535

536

537

538

539

540

541

542

543

544

545

546

547

548

549

550

551

552

553

554

555

556

557

558

559

560

561

562

563

564

565

566

567

568

569

570

571

572

573

574

575

576

577

578

579

580

581

582

583

584

585

586

587

588

589

590

591

592

593

594

595

596

597

598

599

600

601

602

603

604

605

606

607

608

609

610

611

612

613

614

615

616

617

618

619

620

621

622

623

624

625

626

627

628

629

630

631

632

633

634

635

636

637

638

639

640

641

642

643

644

645

646

647

648

649

650

651

652

653

654

655

656

657

658

659

660

661

662

663

664

665

666

667

668

669

670

671

672

673

674

675

676

677

678

679

680

681

682

683

684

685

686

687

688

689

690

691

692

693

694

695

696

697

698

699

700

701

702

703

704

705

706

707

708

709

710

711

712

713

714

715

716

717

718

719

720

721

722

723

724

725

726

727

728

729

730

731

732

733

734

735

736

737

738

739

740

741

742

743

744

745

746

747

748

749

750

751

752

753

754

755

756

757

758

759

760

761

762

763

764

765

766

767

768

769

770

771

772

773

774

775

776

777

778

779

780

781

782

783

784

785

786

787

788

789

790

791

792

793

794

795

796

797

798

799

800

801

802

803

804

805

806

807

808

809

810

811

812

813

814

815

816

817

818

819

820

821

822

823

824

825

826

827

828

829

830

831

832

833

834

835

836

837

838

839

840

841

842

843

844

845

846

847

848

849

850

851

852

853

854

855

856

857

858

859

860

861

862

863

864

865

866

867

868

869

870

871

872

873

874

875

876

877

878

879

880

881

882

883

884

885

886

887

888

889

890

891

892

893

894

895

896

897

898

899

900

901

902

903

904

905

906

907

908

909

910

911

912

913

914

915

916

917

918

919

920

921

922

923

924

925

926

927

928

929

930

931

932

933

934

935

936

937

938

939

940

941

942

943

944

945

946

947

948

949

950

951

952

953

954

955

956

957

958

959

960

961

962

963

964

965

966

967

968

969

970

971

972

973

974

975

976

977

978

979

980

981

982

983

984

985

986

987

988

989

990

991

992

993

994

995

996

997

998

999

1000

<?php

/**

* WordPress user administration API.

* @package WordPress

* @subpackage Administration

/**

* Creates a new user from the "Users" form using $_POST information.

* @since 2.0.0

* @return int|WP_Error WP_Error or User ID.

function add_user() {

return edit_user();

}

/**

* Edit user settings based on contents of $_POST

* Used on user-edit.php and profile.php to manage and process user options, passwords etc.

* @since 2.0.0

* @param int $user_id Optional. User ID.

* @return int|WP_Error user id of the updated user.

function edit_user( $user_id = 0 ) {

$wp_roles = wp_roles();

$user = new stdClass;

$user_id = (int) $user_id;

if ( $user_id ) {

$update = true;

$user->ID = $user_id;

$userdata = get_userdata( $user_id );

$user->user_login = wp_slash( $userdata->user_login );

} else {

$update = false;

}

if ( ! $update && isset( $_POST['user_login'] ) ) {

$user->user_login = sanitize_user( $_POST['user_login'], true );

}

$pass1 = $pass2 = '';

if ( isset( $_POST['pass1'] ) ) {

$pass1 = $_POST['pass1'];

}

if ( isset( $_POST['pass2'] ) ) {

$pass2 = $_POST['pass2'];

}

if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) && ( ! $user_id || current_user_can( 'promote_user', $user_id ) ) ) {

$new_role = sanitize_text_field( $_POST['role'] );

// If the new role isn't editable by the logged-in user die with error.

$editable_roles = get_editable_roles();

if ( ! empty( $new_role ) && empty( $editable_roles[ $new_role ] ) ) {

wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );

}

$potential_role = isset( $wp_roles->role_objects[ $new_role ] ) ? $wp_roles->role_objects[ $new_role ] : false;

* Don't let anyone with 'promote_users' edit their own role to something without it.

* Multisite super admins can freely edit their roles, they possess all caps.

if (

( is_multisite() && current_user_can( 'manage_network_users' ) ) ||

$user_id !== get_current_user_id() ||

( $potential_role && $potential_role->has_cap( 'promote_users' ) )

) {

$user->role = $new_role;

}

if ( isset( $_POST['email'] ) ) {

$user->user_email = sanitize_text_field( wp_unslash( $_POST['email'] ) );

}

if ( isset( $_POST['url'] ) ) {

if ( empty( $_POST['url'] ) || $_POST['url'] == 'http://' ) {

$user->user_url = '';

} else {

$user->user_url = esc_url_raw( $_POST['url'] );

$protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );

$user->user_url = preg_match( '/^(' . $protocols . '):/is', $user->user_url ) ? $user->user_url : 'http://' . $user->user_url;

}

if ( isset( $_POST['first_name'] ) ) {

$user->first_name = sanitize_text_field( $_POST['first_name'] );

}

if ( isset( $_POST['last_name'] ) ) {

$user->last_name = sanitize_text_field( $_POST['last_name'] );

}

if ( isset( $_POST['nickname'] ) ) {

$user->nickname = sanitize_text_field( $_POST['nickname'] );

}

if ( isset( $_POST['display_name'] ) ) {

$user->display_name = sanitize_text_field( $_POST['display_name'] );

}

if ( isset( $_POST['description'] ) ) {

$user->description = trim( $_POST['description'] );

}

foreach ( wp_get_user_contact_methods( $user ) as $method => $name ) {

if ( isset( $_POST[ $method ] ) ) {

$user->$method = sanitize_text_field( $_POST[ $method ] );

}

if ( $update ) {

$user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';

$user->syntax_highlighting = isset( $_POST['syntax_highlighting'] ) && 'false' === $_POST['syntax_highlighting'] ? 'false' : 'true';

$user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';

$user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';

$user->locale = '';

if ( isset( $_POST['locale'] ) ) {

$locale = sanitize_text_field( $_POST['locale'] );

if ( 'site-default' === $locale ) {

$locale = '';

} elseif ( '' === $locale ) {

$locale = 'en_US';

} elseif ( ! in_array( $locale, get_available_languages(), true ) ) {

$locale = '';

}

$user->locale = $locale;

}

$user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';

$user->use_ssl = 0;

if ( ! empty( $_POST['use_ssl'] ) ) {

$user->use_ssl = 1;

}

$errors = new WP_Error();

/* checking that username has been typed */

if ( $user->user_login == '' ) {

$errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) );

}

/* checking that nickname has been typed */

if ( $update && empty( $user->nickname ) ) {

$errors->add( 'nickname', __( '<strong>ERROR</strong>: Please enter a nickname.' ) );

}

/**

* Fires before the password and confirm password fields are checked for congruity.

* @since 1.5.1

* @param string $user_login The username.

* @param string $pass1 The password (passed by reference).

* @param string $pass2 The confirmed password (passed by reference).

do_action_ref_array( 'check_passwords', array( $user->user_login, &$pass1, &$pass2 ) );

// Check for blank password when adding a user.

if ( ! $update && empty( $pass1 ) ) {

$errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter a password.' ), array( 'form-field' => 'pass1' ) );

}

// Check for "\" in password.

if ( false !== strpos( wp_unslash( $pass1 ), '\\' ) ) {

$errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );

}

// Checking the password has been typed twice the same.

if ( ( $update || ! empty( $pass1 ) ) && $pass1 != $pass2 ) {

$errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in both password fields.' ), array( 'form-field' => 'pass1' ) );

}

if ( ! empty( $pass1 ) ) {

$user->user_pass = $pass1;

}

if ( ! $update && isset( $_POST['user_login'] ) && ! validate_username( $_POST['user_login'] ) ) {

$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );

}

if ( ! $update && username_exists( $user->user_login ) ) {

$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );

}

/** This filter is documented in wp-includes/user.php */

$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );

if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {

$errors->add( 'invalid_username', __( '<strong>ERROR</strong>: Sorry, that username is not allowed.' ) );

}

/* checking email address */

if ( empty( $user->user_email ) ) {

$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an email address.' ), array( 'form-field' => 'email' ) );

} elseif ( ! is_email( $user->user_email ) ) {

$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn’t correct.' ), array( 'form-field' => 'email' ) );

} elseif ( ( $owner_id = email_exists( $user->user_email ) ) && ( ! $update || ( $owner_id != $user->ID ) ) ) {

$errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ), array( 'form-field' => 'email' ) );

}

/**

* Fires before user profile update errors are returned.

* @since 2.8.0

* @param WP_Error $errors WP_Error object (passed by reference).

* @param bool $update Whether this is a user update.

* @param stdClass $user User object (passed by reference).

do_action_ref_array( 'user_profile_update_errors', array( &$errors, $update, &$user ) );

if ( $errors->has_errors() ) {

return $errors;

}

if ( $update ) {

$user_id = wp_update_user( $user );

} else {

$user_id = wp_insert_user( $user );

$notify = isset( $_POST['send_user_notification'] ) ? 'both' : 'admin';

/**

* Fires after a new user has been created.

* @since 4.4.0

* @param int $user_id ID of the newly created user.

* @param string $notify Type of notification that should happen. See wp_send_new_user_notifications()

* for more information on possible values.

do_action( 'edit_user_created_user', $user_id, $notify );

}

return $user_id;

}

/**

* Fetch a filtered list of user roles that the current user is

* allowed to edit.

* Simple function whose main purpose is to allow filtering of the

* list of roles in the $wp_roles object so that plugins can remove

* inappropriate ones depending on the situation or user making edits.

* Specifically because without filtering anyone with the edit_users

* capability can edit others to be administrators, even if they are

* only editors or authors. This filter allows admins to delegate

* user management.

* @since 2.8.0

* @return array[] Array of arrays containing role information.

function get_editable_roles() {

$all_roles = wp_roles()->roles;

/**

* Filters the list of editable roles.

* @since 2.8.0

* @param array[] $all_roles Array of arrays containing role information.

$editable_roles = apply_filters( 'editable_roles', $all_roles );

return $editable_roles;

}

/**

* Retrieve user data and filter it.

* @since 2.0.5

* @param int $user_id User ID.

* @return WP_User|bool WP_User object on success, false on failure.

function get_user_to_edit( $user_id ) {

$user = get_userdata( $user_id );

if ( $user ) {

$user->filter = 'edit';

}

return $user;

}

/**

* Retrieve the user's drafts.

* @since 2.0.0

* @global wpdb $wpdb WordPress database abstraction object.

* @param int $user_id User ID.

* @return array

function get_users_drafts( $user_id ) {

global $wpdb;

$query = $wpdb->prepare( "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id );

/**

* Filters the user's drafts query string.

* @since 2.0.0

* @param string $query The user's drafts query string.

$query = apply_filters( 'get_users_drafts', $query );

return $wpdb->get_results( $query );

}

/**

* Remove user and optionally reassign posts and links to another user.

* If the $reassign parameter is not assigned to a User ID, then all posts will

* be deleted of that user. The action {@see 'delete_user'} that is passed the User ID

* being deleted will be run after the posts are either reassigned or deleted.

* The user meta will also be deleted that are for that User ID.

* @since 2.0.0

* @global wpdb $wpdb WordPress database abstraction object.

* @param int $id User ID.

* @param int $reassign Optional. Reassign posts and links to new User ID.

* @return bool True when finished.

function wp_delete_user( $id, $reassign = null ) {

global $wpdb;

if ( ! is_numeric( $id ) ) {

return false;

}

$id = (int) $id;

$user = new WP_User( $id );

if ( ! $user->exists() ) {

return false;

}

// Normalize $reassign to null or a user ID. 'novalue' was an older default.

if ( 'novalue' === $reassign ) {

$reassign = null;

} elseif ( null !== $reassign ) {

$reassign = (int) $reassign;

}

/**

* Fires immediately before a user is deleted from the database.

* @since 2.0.0

* @param int $id ID of the user to delete.

* @param int|null $reassign ID of the user to reassign posts and links to.

* Default null, for no reassignment.

do_action( 'delete_user', $id, $reassign );

if ( null === $reassign ) {

$post_types_to_delete = array();

foreach ( get_post_types( array(), 'objects' ) as $post_type ) {

if ( $post_type->delete_with_user ) {

$post_types_to_delete[] = $post_type->name;

} elseif ( null === $post_type->delete_with_user && post_type_supports( $post_type->name, 'author' ) ) {

$post_types_to_delete[] = $post_type->name;

}

/**

* Filters the list of post types to delete with a user.

* @since 3.4.0

* @param string[] $post_types_to_delete Array of post types to delete.

* @param int $id User ID.

$post_types_to_delete = apply_filters( 'post_types_to_delete_with_user', $post_types_to_delete, $id );

$post_types_to_delete = implode( "', '", $post_types_to_delete );

$post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_type IN ('$post_types_to_delete')", $id ) );

if ( $post_ids ) {

foreach ( $post_ids as $post_id ) {

wp_delete_post( $post_id );

}

// Clean links

$link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id ) );

if ( $link_ids ) {

foreach ( $link_ids as $link_id ) {

wp_delete_link( $link_id );

}

} else {

$post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id ) );

$wpdb->update( $wpdb->posts, array( 'post_author' => $reassign ), array( 'post_author' => $id ) );

if ( ! empty( $post_ids ) ) {

foreach ( $post_ids as $post_id ) {

clean_post_cache( $post_id );

}

$link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id ) );

$wpdb->update( $wpdb->links, array( 'link_owner' => $reassign ), array( 'link_owner' => $id ) );

if ( ! empty( $link_ids ) ) {

foreach ( $link_ids as $link_id ) {

clean_bookmark_cache( $link_id );

}

// FINALLY, delete user

if ( is_multisite() ) {

remove_user_from_blog( $id, get_current_blog_id() );

} else {

$meta = $wpdb->get_col( $wpdb->prepare( "SELECT umeta_id FROM $wpdb->usermeta WHERE user_id = %d", $id ) );

foreach ( $meta as $mid ) {

delete_metadata_by_mid( 'user', $mid );

}

$wpdb->delete( $wpdb->users, array( 'ID' => $id ) );

}

clean_user_cache( $user );

/**

* Fires immediately after a user is deleted from the database.

* @since 2.9.0

* @param int $id ID of the deleted user.

* @param int|null $reassign ID of the user to reassign posts and links to.

* Default null, for no reassignment.

do_action( 'deleted_user', $id, $reassign );

return true;

}

/**

* Remove all capabilities from user.

* @since 2.1.0

* @param int $id User ID.

function wp_revoke_user( $id ) {

$id = (int) $id;

$user = new WP_User( $id );

$user->remove_all_caps();

}

/**

* @since 2.8.0

* @global int $user_ID

* @param false $errors Deprecated.

function default_password_nag_handler( $errors = false ) {

global $user_ID;

// Short-circuit it.

if ( ! get_user_option( 'default_password_nag' ) ) {

return;

}

// get_user_setting = JS saved UI setting. else no-js-fallback code.

if ( 'hide' == get_user_setting( 'default_password_nag' ) || isset( $_GET['default_password_nag'] ) && '0' == $_GET['default_password_nag'] ) {

delete_user_setting( 'default_password_nag' );

update_user_option( $user_ID, 'default_password_nag', false, true );

}

/**

* @since 2.8.0

* @param int $user_ID

* @param object $old_data

function default_password_nag_edit_user( $user_ID, $old_data ) {

// Short-circuit it.

if ( ! get_user_option( 'default_password_nag', $user_ID ) ) {

return;

}

$new_data = get_userdata( $user_ID );

// Remove the nag if the password has been changed.

if ( $new_data->user_pass != $old_data->user_pass ) {

delete_user_setting( 'default_password_nag' );

update_user_option( $user_ID, 'default_password_nag', false, true );

}

/**

* @since 2.8.0

* @global string $pagenow

function default_password_nag() {

global $pagenow;

// Short-circuit it.

if ( 'profile.php' == $pagenow || ! get_user_option( 'default_password_nag' ) ) {

return;

}

echo '<div class="error default-password-nag">';

echo '<p>';

echo '<strong>' . __( 'Notice:' ) . '</strong> ';

_e( 'You’re using the auto-generated password for your account. Would you like to change it?' );

echo '</p><p>';

printf( '<a href="%s">' . __( 'Yes, take me to my profile page' ) . '</a> | ', get_edit_profile_url() . '#password' );

printf( '<a href="%s" id="default-password-nag-no">' . __( 'No thanks, do not remind me again' ) . '</a>', '?default_password_nag=0' );

echo '</p></div>';

}

/**

* @since 3.5.0

* @access private

function delete_users_add_js() {

jQuery(document).ready( function($) {

var submit = $('#submit').prop('disabled', true);

$('input[name="delete_option"]').one('change', function() {

submit.prop('disabled', false);

});

$('#reassign_user').focus( function() {

$('#delete_option1').prop('checked', true).trigger('change');

});

</script>

<?php

}

/**

* Optional SSL preference that can be turned on by hooking to the 'personal_options' action.

* See the {@see 'personal_options'} action.

* @since 2.7.0

* @param object $user User data object.

function use_ssl_preference( $user ) {

</tr>

<?php

}

/**

* @param string $text

* @return string

function admin_created_user_email( $text ) {

$roles = get_editable_roles();

$role = $roles[ $_REQUEST['role'] ];

/* translators: 1: site name, 2: site URL, 3: role */

return sprintf(

__(

'Hi,

You\'ve been invited to join \'%1$s\' at

%2$s with the role of %3$s.

If you do not want to join this site please ignore

this email. This invitation will expire in a few days.

Please click the following link to activate your user account:

%%s'

wp_specialchars_decode( get_bloginfo( 'name' ), ENT_QUOTES ),

home_url(),

wp_specialchars_decode( translate_user_role( $role['name'] ) )

);

}

/**

* Resend an existing request and return the result.

* @since 4.9.6

* @access private

* @param int $request_id Request ID.

* @return bool|WP_Error Returns true/false based on the success of sending the email, or a WP_Error object.

function _wp_privacy_resend_request( $request_id ) {

$request_id = absint( $request_id );

$request = get_post( $request_id );

if ( ! $request || 'user_request' !== $request->post_type ) {

return new WP_Error( 'privacy_request_error', __( 'Invalid request.' ) );

}

$result = wp_send_user_request( $request_id );

if ( is_wp_error( $result ) ) {

return $result;

} elseif ( ! $result ) {

return new WP_Error( 'privacy_request_error', __( 'Unable to initiate confirmation request.' ) );

}

return true;

}

/**

* Marks a request as completed by the admin and logs the current timestamp.

* @since 4.9.6

* @access private

* @param int $request_id Request ID.

* @return int|WP_Error $result Request ID on success or WP_Error.

function _wp_privacy_completed_request( $request_id ) {

$request_id = absint( $request_id );

$request = wp_get_user_request_data( $request_id );

if ( ! $request ) {

return new WP_Error( 'privacy_request_error', __( 'Invalid request.' ) );

}

update_post_meta( $request_id, '_wp_user_request_completed_timestamp', time() );

$result = wp_update_post(

array(

'ID' => $request_id,

'post_status' => 'request-completed',

)

);

return $result;

}

/**

* Handle list table actions.

* @since 4.9.6

* @access private

function _wp_personal_data_handle_actions() {

if ( isset( $_POST['privacy_action_email_retry'] ) ) {

check_admin_referer( 'bulk-privacy_requests' );

$request_id = absint( current( array_keys( (array) wp_unslash( $_POST['privacy_action_email_retry'] ) ) ) );

$result = _wp_privacy_resend_request( $request_id );

if ( is_wp_error( $result ) ) {

add_settings_error(

'privacy_action_email_retry',

$result->get_error_message(),

'error'

);

} else {

add_settings_error(

'privacy_action_email_retry',

__( 'Confirmation request sent again successfully.' ),

'updated'

);

}

} elseif ( isset( $_POST['action'] ) ) {

$action = isset( $_POST['action'] ) ? sanitize_key( wp_unslash( $_POST['action'] ) ) : '';

switch ( $action ) {

case 'add_export_personal_data_request':

case 'add_remove_personal_data_request':

check_admin_referer( 'personal-data-request' );

if ( ! isset( $_POST['type_of_action'], $_POST['username_or_email_for_privacy_request'] ) ) {

add_settings_error(

'action_type',

__( 'Invalid action.' ),

'error'

);

}

$action_type = sanitize_text_field( wp_unslash( $_POST['type_of_action'] ) );

$username_or_email_address = sanitize_text_field( wp_unslash( $_POST['username_or_email_for_privacy_request'] ) );

$email_address = '';

if ( ! in_array( $action_type, _wp_privacy_action_request_types(), true ) ) {

add_settings_error(

'action_type',

__( 'Invalid action.' ),

'error'

);

}

if ( ! is_email( $username_or_email_address ) ) {

$user = get_user_by( 'login', $username_or_email_address );

if ( ! $user instanceof WP_User ) {

add_settings_error(

'username_or_email_for_privacy_request',

__( 'Unable to add this request. A valid email address or username must be supplied.' ),

'error'

);

} else {

$email_address = $user->user_email;

}

} else {

$email_address = $username_or_email_address;

}

if ( empty( $email_address ) ) {

break;

}

$request_id = wp_create_user_request( $email_address, $action_type );

if ( is_wp_error( $request_id ) ) {

add_settings_error(

'username_or_email_for_privacy_request',

$request_id->get_error_message(),

'error'

);

break;

} elseif ( ! $request_id ) {

add_settings_error(

'username_or_email_for_privacy_request',

__( 'Unable to initiate confirmation request.' ),

'error'

);

break;

}

wp_send_user_request( $request_id );

add_settings_error(

'username_or_email_for_privacy_request',

__( 'Confirmation request initiated successfully.' ),

'updated'

);

break;

}

/**

* Cleans up failed and expired requests before displaying the list table.

* @since 4.9.6

* @access private

function _wp_personal_data_cleanup_requests() {

/** This filter is documented in wp-includes/user.php */

$expires = (int) apply_filters( 'user_request_key_expiration', DAY_IN_SECONDS );

$requests_query = new WP_Query(

array(

'post_type' => 'user_request',

'posts_per_page' => -1,

'post_status' => 'request-pending',

'fields' => 'ids',

'date_query' => array(

array(

'column' => 'post_modified_gmt',

'before' => $expires . ' seconds ago',

)

);

$request_ids = $requests_query->posts;

foreach ( $request_ids as $request_id ) {

wp_update_post(

array(

'ID' => $request_id,

'post_status' => 'request-failed',

'post_password' => '',

)

);

}

/**

* Personal data export.

* @since 4.9.6

* @access private

function _wp_personal_data_export_page() {

if ( ! current_user_can( 'export_others_personal_data' ) ) {

wp_die( __( 'Sorry, you are not allowed to export personal data on this site.' ) );

}

_wp_personal_data_handle_actions();

_wp_personal_data_cleanup_requests();

// "Borrow" xfn.js for now so we don't have to create new files.

wp_enqueue_script( 'xfn' );

$requests_table = new WP_Privacy_Data_Export_Requests_Table(

array(

'plural' => 'privacy_requests',

'singular' => 'privacy_request',

'screen' => 'export_personal_data',

)

);

$requests_table->screen->set_screen_reader_content(

array(

'heading_views' => __( 'Filter export personal data list' ),

'heading_pagination' => __( 'Export personal data list navigation' ),

'heading_list' => __( 'Export personal data list' ),

)

);

$requests_table->process_bulk_action();

$requests_table->prepare_items();

<?php settings_errors(); ?>

<form action="<?php echo esc_url( admin_url( 'tools.php?page=export_personal_data' ) ); ?>" method="post" class="wp-privacy-request-form">

<?php submit_button( __( 'Send Request' ), 'secondary', 'submit', false ); ?>

</div>

<?php wp_nonce_field( 'personal-data-request' ); ?>

</form>

<hr />

<?php $requests_table->views(); ?>

<?php $requests_table->search_box( __( 'Search Requests' ), 'requests' ); ?>

</form>

<?php

$requests_table->display();

$requests_table->embed_scripts();

</form>

</div>

<?php

}

/**

* Personal data anonymization.

* @since 4.9.6

* @access private

function _wp_personal_data_removal_page() {

* Require both caps in order to make it explicitly clear that delegating

* erasure from network admins to single-site admins will give them the

* ability to affect global users, rather than being limited to the site

* that they administer.

if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) {

wp_die( __( 'Sorry, you are not allowed to erase data on this site.' ) );

}

_wp_personal_data_handle_actions();

_wp_personal_data_cleanup_requests();

// "Borrow" xfn.js for now so we don't have to create new files.

wp_enqueue_script( 'xfn' );

$requests_table = new WP_Privacy_Data_Removal_Requests_Table(

array(

'plural' => 'privacy_requests',

'singular' => 'privacy_request',

'screen' => 'remove_personal_data',

)

);

$requests_table->screen->set_screen_reader_content(

array(

'heading_views' => __( 'Filter erase personal data list' ),

'heading_pagination' => __( 'Erase personal data list navigation' ),

'heading_list' => __( 'Erase personal data list' ),

)

);

$requests_table->process_bulk_action();

$requests_table->prepare_items();

<?php settings_errors(); ?>

<form action="<?php echo esc_url( admin_url( 'tools.php?page=remove_personal_data' ) ); ?>" method="post" class="wp-privacy-request-form">

<?php submit_button( __( 'Send Request' ), 'secondary', 'submit', false ); ?>

</div>

<?php wp_nonce_field( 'personal-data-request' ); ?>

</form>

<hr />

<?php $requests_table->views(); ?>

<?php $requests_table->search_box( __( 'Search Requests' ), 'requests' ); ?>

</form>

<?php

$requests_table->display();

$requests_table->embed_scripts();

</form>

</div>

<?php

}

/**

* Mark erasure requests as completed after processing is finished.

* This intercepts the Ajax responses to personal data eraser page requests, and

* monitors the status of a request. Once all of the processing has finished, the

* request is marked as completed.

* @since 4.9.6

* @see wp_privacy_personal_data_erasure_page

* @param array $response The response from the personal data eraser for

* the given page.

* @param int $eraser_index The index of the personal data eraser. Begins

* at 1.

* @param string $email_address The email address of the user whose personal

* data this is.

* @param int $page The page of personal data for this eraser.

* Begins at 1.

* @param int $request_id The request ID for this personal data erasure.

* @return array The filtered response.

function wp_privacy_process_personal_data_erasure_page( $response, $eraser_index, $email_address, $page, $request_id ) {

* If the eraser response is malformed, don't attempt to consume it; let it

* pass through, so that the default Ajax processing will generate a warning

* to the user.

if ( ! is_array( $response ) ) {

return $response;

}

if ( ! array_key_exists( 'done', $response ) ) {

return $response;

}

if ( ! array_key_exists( 'items_removed', $response ) ) {

return $response;

}

if ( ! array_key_exists( 'items_retained', $response ) ) {

return $response;

}

if ( ! array_key_exists( 'messages', $response ) ) {

return $response;

}

$request = wp_get_user_request_data( $request_id );

View remainder of file in raw view

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FilesExpand file tree

user.php

Latest commit

History

user.php

File metadata and controls