X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/38ca813a0e312e2768e5b9519f0415cd0aa84781..46588ee871246a923d972538dbc93b26f4fda932:/wp-includes/ms-functions.php diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php index 6c1f80a1..6dbcf086 100644 --- a/wp-includes/ms-functions.php +++ b/wp-includes/ms-functions.php @@ -1,6 +1,6 @@ get_blog_count(), + 'users' => get_user_count(), + ); return $stats; } @@ -51,16 +49,13 @@ function get_admin_users_for_domain( $sitedomain = '', $path = '' ) { /** * Get one of a user's active blogs * - * Returns the user's primary blog, if she has one and + * Returns the user's primary blog, if they have one and * it is active. If it's inactive, function returns another * active blog of the user. If none are found, the user * is added as a Subscriber to the Dashboard Blog and that blog * is returned. * * @since MU 1.0 - * @uses get_blogs_of_user() - * @uses add_user_to_blog() - * @uses get_blog_details() * * @param int $user_id The unique ID of the user * @return object The blog object @@ -79,7 +74,7 @@ function get_active_blog_for_user( $user_id ) { if ( false !== $primary_blog ) { if ( ! isset( $blogs[ $primary_blog ] ) ) { update_user_meta( $user_id, 'primary_blog', $first_blog->userblog_id ); - $primary = $first_blog; + $primary = get_blog_details( $first_blog->userblog_id ); } else { $primary = get_blog_details( $primary_blog ); } @@ -90,7 +85,7 @@ function get_active_blog_for_user( $user_id ) { $primary = $first_blog; } - if ( ( ! is_object( $primary ) ) || ( is_object( $primary ) && $primary->archived == 1 || $primary->spam == 1 || $primary->deleted == 1 ) ) { + if ( ( ! is_object( $primary ) ) || ( $primary->archived == 1 || $primary->spam == 1 || $primary->deleted == 1 ) ) { $blogs = get_blogs_of_user( $user_id, true ); // if a user's primary blog is shut down, check their other blogs. $ret = false; if ( is_array( $blogs ) && count( $blogs ) > 0 ) { @@ -116,32 +111,6 @@ function get_active_blog_for_user( $user_id ) { } } -/** - * Find out whether a user is a member of a given blog. - * - * @since MU 1.1 - * @uses get_blogs_of_user() - * - * @param int $user_id The unique ID of the user - * @param int $blog Optional. If no blog_id is provided, current site is used - * @return bool - */ -function is_user_member_of_blog( $user_id, $blog_id = 0 ) { - $user_id = (int) $user_id; - $blog_id = (int) $blog_id; - - if ( $blog_id == 0 ) { - global $wpdb; - $blog_id = $wpdb->blogid; - } - - $blogs = get_blogs_of_user( $user_id ); - if ( is_array( $blogs ) ) - return array_key_exists( $blog_id, $blogs ); - else - return false; -} - /** * The number of active users in your installation. * @@ -162,10 +131,13 @@ function get_user_count() { * * @since MU 1.0 * - * @param int $id Optional. A site_id. + * @param int $network_id Deprecated, not supported. * @return int */ -function get_blog_count( $id = 0 ) { +function get_blog_count( $network_id = 0 ) { + if ( func_num_args() ) + _deprecated_argument( __FUNCTION__, '3.1' ); + return get_site_option( 'blog_count' ); } @@ -176,17 +148,12 @@ function get_blog_count( $id = 0 ) { * * @param int $blog_id ID of the blog. * @param int $post_id ID of the post you're looking for. - * @return object The post. + * @return WP_Post|null WP_Post on success or null on failure */ function get_blog_post( $blog_id, $post_id ) { - global $wpdb; - - $key = $blog_id . '-' . $post_id; - $post = wp_cache_get( $key, 'global-posts' ); - if ( $post == false ) { - $post = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->get_blog_prefix( $blog_id ) . 'posts WHERE ID = %d', $post_id ) ); - wp_cache_add( $key, $post, 'global-posts' ); - } + switch_to_blog( $blog_id ); + $post = get_post( $post_id ); + restore_current_blog(); return $post; } @@ -207,11 +174,11 @@ function get_blog_post( $blog_id, $post_id ) { function add_user_to_blog( $blog_id, $user_id, $role ) { switch_to_blog($blog_id); - $user = new WP_User($user_id); + $user = get_userdata( $user_id ); - if ( empty( $user->ID ) ) { + if ( ! $user ) { restore_current_blog(); - return new WP_Error('user_does_not_exist', __('That user does not exist.')); + return new WP_Error( 'user_does_not_exist', __( 'The requested user does not exist.' ) ); } if ( !get_user_meta($user_id, 'primary_blog', true) ) { @@ -222,7 +189,16 @@ function add_user_to_blog( $blog_id, $user_id, $role ) { $user->set_role($role); - do_action('add_user_to_blog', $user_id, $role, $blog_id); + /** + * Fires immediately after a user is added to a site. + * + * @since MU + * + * @param int $user_id User ID. + * @param string $role User role. + * @param int $blog_id Blog ID. + */ + do_action( 'add_user_to_blog', $user_id, $role, $blog_id ); wp_cache_delete( $user_id, 'users' ); restore_current_blog(); return true; @@ -248,7 +224,15 @@ function remove_user_from_blog($user_id, $blog_id = '', $reassign = '') { global $wpdb; switch_to_blog($blog_id); $user_id = (int) $user_id; - do_action('remove_user_from_blog', $user_id, $blog_id); + /** + * Fires before a user is removed from a site. + * + * @since MU + * + * @param int $user_id User ID. + * @param int $blog_id Blog ID. + */ + do_action( 'remove_user_from_blog', $user_id, $blog_id ); // If being removed from the primary blog, set a new primary if the user is assigned // to multiple blogs. @@ -270,8 +254,8 @@ function remove_user_from_blog($user_id, $blog_id = '', $reassign = '') { } // wp_revoke_user($user_id); - $user = new WP_User($user_id); - if ( empty( $user->ID ) ) { + $user = get_userdata( $user_id ); + if ( ! $user ) { restore_current_blog(); return new WP_Error('user_does_not_exist', __('That user does not exist.')); } @@ -286,42 +270,50 @@ function remove_user_from_blog($user_id, $blog_id = '', $reassign = '') { if ( $reassign != '' ) { $reassign = (int) $reassign; - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $user_id) ); - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $user_id) ); + $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d", $user_id ) ); + $link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $user_id ) ); + + if ( ! empty( $post_ids ) ) { + $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $user_id ) ); + array_walk( $post_ids, 'clean_post_cache' ); + } + + if ( ! empty( $link_ids ) ) { + $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $user_id ) ); + array_walk( $link_ids, 'clean_bookmark_cache' ); + } } restore_current_blog(); + + return true; } /** * Create an empty blog. * * @since MU 1.0 - * @uses install_blog() * * @param string $domain The new blog's domain. * @param string $path The new blog's path. - * @param string $string The new blog's title. - * @param int $site Optional. Defaults to 1. + * @param string $weblog_title The new blog's title. + * @param int $site_id Optional. Defaults to 1. * @return int The ID of the newly created blog */ function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) { - $domain = addslashes( $domain ); - $weblog_title = addslashes( $weblog_title ); - if ( empty($path) ) $path = '/'; // Check if the domain has been used already. We should return an error message. if ( domain_exists($domain, $path, $site_id) ) - return __( 'Error: Site URL already taken.' ); + return __( 'ERROR: Site URL already taken.' ); // Need to back up wpdb table names, and create a new wp_blogs entry for new blog. // Need to get blog_id from wp_blogs, and create new table names. // Must restore table names at the end of function. if ( ! $blog_id = insert_blog($domain, $path, $site_id) ) - return __( 'Error: problem creating site entry.' ); + return __( 'ERROR: problem creating site entry.' ); switch_to_blog($blog_id); install_blog($blog_id); @@ -335,19 +327,15 @@ function create_empty_blog( $domain, $path, $weblog_title, $site_id = 1 ) { * * @since MU 1.0 * - * @param int $_blog_id ID of the source blog. + * @param int $blog_id ID of the source blog. * @param int $post_id ID of the desired post. * @return string The post's permalink */ -function get_blog_permalink( $_blog_id, $post_id ) { - $key = "{$_blog_id}-{$post_id}-blog_permalink"; - $link = wp_cache_get( $key, 'site-options' ); - if ( $link == false ) { - switch_to_blog( $_blog_id ); - $link = get_permalink( $post_id ); - restore_current_blog(); - wp_cache_add( $key, $link, 'site-options', 360 ); - } +function get_blog_permalink( $blog_id, $post_id ) { + switch_to_blog( $blog_id ); + $link = get_permalink( $post_id ); + restore_current_blog(); + return $link; } @@ -363,27 +351,27 @@ function get_blog_permalink( $_blog_id, $post_id ) { * * @param string $domain * @param string $path Optional. Not required for subdomain installations. - * @return int + * @return int 0 if no blog found, otherwise the ID of the matching blog */ function get_blog_id_from_url( $domain, $path = '/' ) { global $wpdb; - $domain = strtolower( $wpdb->escape( $domain ) ); - $path = strtolower( $wpdb->escape( $path ) ); + $domain = strtolower( $domain ); + $path = strtolower( $path ); $id = wp_cache_get( md5( $domain . $path ), 'blog-id-cache' ); - if ( $id == -1 ) { // blog does not exist + if ( $id == -1 ) // blog does not exist return 0; - } elseif ( $id ) { - return (int)$id; - } + elseif ( $id ) + return (int) $id; - $id = $wpdb->get_var( "SELECT blog_id FROM $wpdb->blogs WHERE domain = '$domain' and path = '$path' /* get_blog_id_from_url */" ); + $id = $wpdb->get_var( $wpdb->prepare( "SELECT blog_id FROM $wpdb->blogs WHERE domain = %s and path = %s /* get_blog_id_from_url */", $domain, $path ) ); - if ( !$id ) { + if ( ! $id ) { wp_cache_set( md5( $domain . $path ), -1, 'blog-id-cache' ); - return false; + return 0; } + wp_cache_set( md5( $domain . $path ), $id, 'blog-id-cache' ); return $id; @@ -391,68 +379,6 @@ function get_blog_id_from_url( $domain, $path = '/' ) { // Admin functions -/** - * Redirect a user based on $_GET or $_POST arguments. - * - * The function looks for redirect arguments in the following order: - * 1) $_GET['ref'] - * 2) $_POST['ref'] - * 3) $_SERVER['HTTP_REFERER'] - * 4) $_GET['redirect'] - * 5) $_POST['redirect'] - * 6) $url - * - * @since MU - * @uses wpmu_admin_redirect_add_updated_param() - * - * @param string $url - */ -function wpmu_admin_do_redirect( $url = '' ) { - $ref = ''; - if ( isset( $_GET['ref'] ) ) - $ref = $_GET['ref']; - if ( isset( $_POST['ref'] ) ) - $ref = $_POST['ref']; - - if ( $ref ) { - $ref = wpmu_admin_redirect_add_updated_param( $ref ); - wp_redirect( $ref ); - exit(); - } - if ( empty( $_SERVER['HTTP_REFERER'] ) == false ) { - wp_redirect( $_SERVER['HTTP_REFERER'] ); - exit(); - } - - $url = wpmu_admin_redirect_add_updated_param( $url ); - if ( isset( $_GET['redirect'] ) ) { - if ( substr( $_GET['redirect'], 0, 2 ) == 's_' ) - $url .= '&action=blogs&s='. esc_html( substr( $_GET['redirect'], 2 ) ); - } elseif ( isset( $_POST['redirect'] ) ) { - $url = wpmu_admin_redirect_add_updated_param( $_POST['redirect'] ); - } - wp_redirect( $url ); - exit(); -} - -/** - * Adds an 'updated=true' argument to a URL. - * - * @since MU - * - * @param string $url - * @return string - */ -function wpmu_admin_redirect_add_updated_param( $url = '' ) { - if ( strpos( $url, 'updated=true' ) === false ) { - if ( strpos( $url, '?' ) === false ) - return $url . '?updated=true'; - else - return $url . '&updated=true'; - } - return $url; -} - /** * Checks an email address against a list of banned domains. * @@ -468,48 +394,60 @@ function wpmu_admin_redirect_add_updated_param( $url = '' ) { */ function is_email_address_unsafe( $user_email ) { $banned_names = get_site_option( 'banned_email_domains' ); - if ($banned_names && !is_array( $banned_names )) - $banned_names = explode( "\n", $banned_names); + if ( $banned_names && ! is_array( $banned_names ) ) + $banned_names = explode( "\n", $banned_names ); + + $is_email_address_unsafe = false; + + if ( $banned_names && is_array( $banned_names ) ) { + $banned_names = array_map( 'strtolower', $banned_names ); + $normalized_email = strtolower( $user_email ); - if ( is_array( $banned_names ) && empty( $banned_names ) == false ) { - $email_domain = strtolower( substr( $user_email, 1 + strpos( $user_email, '@' ) ) ); - foreach ( (array) $banned_names as $banned_domain ) { - if ( $banned_domain == '' ) + list( $email_local_part, $email_domain ) = explode( '@', $normalized_email ); + + foreach ( $banned_names as $banned_domain ) { + if ( ! $banned_domain ) continue; - if ( - strstr( $email_domain, $banned_domain ) || - ( - strstr( $banned_domain, '/' ) && - preg_match( $banned_domain, $email_domain ) - ) - ) - return true; + + if ( $email_domain == $banned_domain ) { + $is_email_address_unsafe = true; + break; + } + + $dotted_domain = ".$banned_domain"; + if ( $dotted_domain === substr( $normalized_email, -strlen( $dotted_domain ) ) ) { + $is_email_address_unsafe = true; + break; + } } } - return false; + + /** + * Filter whether an email address is unsafe. + * + * @since 3.5.0 + * + * @param bool $is_email_address_unsafe Whether the email address is "unsafe". Default false. + * @param string $user_email User email address. + */ + return apply_filters( 'is_email_address_unsafe', $is_email_address_unsafe, $user_email ); } /** - * Processes new user registrations. + * Sanitize and validate data required for a user sign-up. * - * Checks the data provided by the user during signup. Verifies - * the validity and uniqueness of user names and user email addresses, - * and checks email addresses against admin-provided domain - * whitelists and blacklists. + * Verifies the validity and uniqueness of user names and user email addresses, + * and checks email addresses against admin-provided domain whitelists and blacklists. * - * The hook 'wpmu_validate_user_signup' provides an easy way - * to modify the signup process. The value $result, which is passed - * to the hook, contains both the user-provided info and the error - * messages created by the function. 'wpmu_validate_user_signup' allows - * you to process the data in any way you'd like, and unset the - * relevant errors if necessary. + * The {@see 'wpmu_validate_user_signup'} hook provides an easy way to modify the sign-up + * process. The value $result, which is passed to the hook, contains both the user-provided + * info and the error messages created by the function. {@see 'wpmu_validate_user_signup'} + * allows you to process the data in any way you'd like, and unset the relevant errors if + * necessary. * * @since MU - * @uses is_email_address_unsafe() - * @uses username_exists() - * @uses email_exists() * - * @param string $user_name The login name provided by the user. + * @param string $user_name The login name provided by the user. * @param string $user_email The email provided by the user. * @return array Contains username, email, and error messages. */ @@ -520,10 +458,8 @@ function wpmu_validate_user_signup($user_name, $user_email) { $orig_username = $user_name; $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); - $maybe = array(); - preg_match( '/[a-z0-9]+/', $user_name, $maybe ); - if ( $user_name != $orig_username || $user_name != $maybe[0] ) { + if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) { $errors->add( 'user_name', __( 'Only lowercase letters (a-z) and numbers are allowed.' ) ); $user_name = $orig_username; } @@ -531,7 +467,7 @@ function wpmu_validate_user_signup($user_name, $user_email) { $user_email = sanitize_email( $user_email ); if ( empty( $user_name ) ) - $errors->add('user_name', __('Please enter a username')); + $errors->add('user_name', __( 'Please enter a username.' ) ); $illegal_names = get_site_option( 'illegal_names' ); if ( is_array( $illegal_names ) == false ) { @@ -539,25 +475,23 @@ function wpmu_validate_user_signup($user_name, $user_email) { add_site_option( 'illegal_names', $illegal_names ); } if ( in_array( $user_name, $illegal_names ) == true ) - $errors->add('user_name', __('That username is not allowed')); + $errors->add('user_name', __( 'That username is not allowed.' ) ); if ( is_email_address_unsafe( $user_email ) ) $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.')); if ( strlen( $user_name ) < 4 ) - $errors->add('user_name', __('Username must be at least 4 characters')); + $errors->add('user_name', __( 'Username must be at least 4 characters.' ) ); if ( strpos( ' ' . $user_name, '_' ) != false ) $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character “_”!' ) ); // all numeric? - $match = array(); - preg_match( '/[0-9]*/', $user_name, $match ); - if ( $match[0] == $user_name ) + if ( preg_match( '/^[0-9]*$/', $user_name ) ) $errors->add('user_name', __('Sorry, usernames must have letters too!')); if ( !is_email( $user_email ) ) - $errors->add('user_email', __('Please enter a correct email address')); + $errors->add('user_email', __( 'Please enter a valid email address.' ) ); $limited_email_domains = get_site_option( 'limited_email_domains' ); if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) { @@ -568,11 +502,11 @@ function wpmu_validate_user_signup($user_name, $user_email) { // Check if the username has been used already. if ( username_exists($user_name) ) - $errors->add('user_name', __('Sorry, that username already exists!')); + $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) ); // Check if the email address has been used already. if ( email_exists($user_email) ) - $errors->add('user_email', __('Sorry, that email address is already used!')); + $errors->add( 'user_email', __( 'Sorry, that email address is already used!' ) ); // Has someone already signed up for this username? $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) ); @@ -581,28 +515,42 @@ function wpmu_validate_user_signup($user_name, $user_email) { $now = current_time( 'timestamp', true ); $diff = $now - $registered_at; // If registered more than two days ago, cancel registration and let this signup go through. - if ( $diff > 172800 ) - $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->signups WHERE user_login = %s", $user_name) ); + if ( $diff > 2 * DAY_IN_SECONDS ) + $wpdb->delete( $wpdb->signups, array( 'user_login' => $user_name ) ); else $errors->add('user_name', __('That username is currently reserved but may be available in a couple of days.')); - - if ( $signup->active == 0 && $signup->user_email == $user_email ) - $errors->add('user_email_used', __('username and email used')); } $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email) ); if ( $signup != null ) { $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered); // If registered more than two days ago, cancel registration and let this signup go through. - if ( $diff > 172800 ) - $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->signups WHERE user_email = %s", $user_email) ); + if ( $diff > 2 * DAY_IN_SECONDS ) + $wpdb->delete( $wpdb->signups, array( 'user_email' => $user_email ) ); else $errors->add('user_email', __('That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing.')); } $result = array('user_name' => $user_name, 'orig_username' => $orig_username, 'user_email' => $user_email, 'errors' => $errors); - return apply_filters('wpmu_validate_user_signup', $result); + /** + * Filter the validated user registration details. + * + * This does not allow you to override the username or email of the user during + * registration. The values are solely used for validation and error handling. + * + * @since MU + * + * @param array $result { + * The array of user name, email and the error messages. + * + * @type string $user_name Sanitized and unique username. + * @type string $orig_username Original username. + * @type string $user_email User email address. + * @type WP_Error $errors WP_Error object containing any errors found. + * } + */ + return apply_filters( 'wpmu_validate_user_signup', $result ); } /** @@ -620,15 +568,16 @@ function wpmu_validate_user_signup($user_name, $user_email) { * the way that WordPress validates new site signups. * * @since MU - * @uses domain_exists() - * @uses username_exists() * * @param string $blogname The blog name provided by the user. Must be unique. * @param string $blog_title The blog title provided by the user. * @return array Contains the new site data and error messages. */ -function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') { - global $wpdb, $domain, $base, $current_site; +function wpmu_validate_blog_signup( $blogname, $blog_title, $user = '' ) { + global $wpdb, $domain; + + $current_site = get_current_site(); + $base = $current_site->path; $blog_title = strip_tags( $blog_title ); $blog_title = substr( $blog_title, 0, 50 ); @@ -640,26 +589,37 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') { add_site_option( 'illegal_names', $illegal_names ); } - // On sub dir installs, Some names are so illegal, only a filter can spring them from jail - if (! is_subdomain_install() ) - $illegal_names = array_merge($illegal_names, apply_filters( 'subdirectory_reserved_names', array( 'page', 'comments', 'blog', 'files', 'feed' ) ) ); - + /* + * On sub dir installs, some names are so illegal, only a filter can + * spring them from jail. + */ + if ( ! is_subdomain_install() ) { + $illegal_names = array_merge( + $illegal_names, + /** + * Filter reserved site names on a sub-directory Multisite install. + * + * @since 3.0.0 + * + * @param array $subdirectory_reserved_names Array of reserved names. + */ + apply_filters( 'subdirectory_reserved_names', array( 'page', 'comments', 'blog', 'files', 'feed' ) ) + ); + } if ( empty( $blogname ) ) - $errors->add('blogname', __('Please enter a site name')); + $errors->add('blogname', __( 'Please enter a site name.' ) ); - $maybe = array(); - preg_match( '/[a-z0-9]+/', $blogname, $maybe ); - if ( $blogname != $maybe[0] ) - $errors->add('blogname', __('Only lowercase letters and numbers allowed')); + if ( preg_match( '/[^a-z0-9]+/', $blogname ) ) + $errors->add('blogname', __( 'Only lowercase letters (a-z) and numbers are allowed.' ) ); if ( in_array( $blogname, $illegal_names ) == true ) - $errors->add('blogname', __('That name is not allowed')); + $errors->add('blogname', __( 'That name is not allowed.' ) ); if ( strlen( $blogname ) < 4 && !is_super_admin() ) - $errors->add('blogname', __('Site name must be at least 4 characters')); + $errors->add('blogname', __( 'Site name must be at least 4 characters.' ) ); - if ( strpos( ' ' . $blogname, '_' ) != false ) + if ( strpos( $blogname, '_' ) !== false ) $errors->add( 'blogname', __( 'Sorry, site names may not contain the character “_”!' ) ); // do not allow users to create a blog that conflicts with a page on the main blog. @@ -667,17 +627,25 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') { $errors->add( 'blogname', __( 'Sorry, you may not use that site name.' ) ); // all numeric? - $match = array(); - preg_match( '/[0-9]*/', $blogname, $match ); - if ( $match[0] == $blogname ) + if ( preg_match( '/^[0-9]*$/', $blogname ) ) $errors->add('blogname', __('Sorry, site names must have letters too!')); + /** + * Filter the new site name during registration. + * + * The name is the site's subdomain or the site's subdirectory + * path depending on the network settings. + * + * @since MU + * + * @param string $blogname Site name. + */ $blogname = apply_filters( 'newblogname', $blogname ); - $blog_title = stripslashes( $blog_title ); + $blog_title = wp_unslash( $blog_title ); if ( empty( $blog_title ) ) - $errors->add('blog_title', __('Please enter a site title')); + $errors->add('blog_title', __( 'Please enter a site title.' ) ); // Check if the domain/path has been used already. if ( is_subdomain_install() ) { @@ -687,8 +655,8 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') { $mydomain = "$domain"; $path = $base.$blogname.'/'; } - if ( domain_exists($mydomain, $path) ) - $errors->add('blogname', __('Sorry, that site already exists!')); + if ( domain_exists($mydomain, $path, $current_site->id) ) + $errors->add( 'blogname', __( 'Sorry, that site already exists!' ) ); if ( username_exists( $blogname ) ) { if ( is_object( $user ) == false || ( is_object($user) && ( $user->user_login != $blogname ) ) ) @@ -700,21 +668,37 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') { if ( ! empty($signup) ) { $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered); // If registered more than two days ago, cancel registration and let this signup go through. - if ( $diff > 172800 ) - $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->signups WHERE domain = %s AND path = %s", $mydomain, $path) ); + if ( $diff > 2 * DAY_IN_SECONDS ) + $wpdb->delete( $wpdb->signups, array( 'domain' => $mydomain , 'path' => $path ) ); else $errors->add('blogname', __('That site is currently reserved but may be available in a couple days.')); } - $result = array('domain' => $mydomain, 'path' => $path, 'blogname' => $blogname, 'blog_title' => $blog_title, 'errors' => $errors); - return apply_filters('wpmu_validate_blog_signup', $result); + $result = array('domain' => $mydomain, 'path' => $path, 'blogname' => $blogname, 'blog_title' => $blog_title, 'user' => $user, 'errors' => $errors); + + /** + * Filter site details and error messages following registration. + * + * @since MU + * + * @param array $result { + * Array of domain, path, blog name, blog title, user and error messages. + * + * @type string $domain Domain for the site. + * @type string $path Path for the site. Used in subdirectory installs. + * @type string $blogname The unique site name (slug). + * @type string $blog_title Blog title. + * @type string $user User email address. + * @type WP_Error $errors WP_Error containing any errors found. + * } + */ + return apply_filters( 'wpmu_validate_blog_signup', $result ); } /** * Record site signup information for future activation. * * @since MU - * @uses wpmu_signup_blog_notification() * * @param string $domain The requested domain. * @param string $path The requested path. @@ -723,14 +707,11 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') { * @param string $user_email The user's email address. * @param array $meta By default, contains the requested privacy setting and lang_id. */ -function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = '') { +function wpmu_signup_blog( $domain, $path, $title, $user, $user_email, $meta = array() ) { global $wpdb; $key = substr( md5( time() . rand() . $domain ), 0, 16 ); $meta = serialize($meta); - $domain = $wpdb->escape($domain); - $path = $wpdb->escape($path); - $title = $wpdb->escape($title); $wpdb->insert( $wpdb->signups, array( 'domain' => $domain, @@ -753,13 +734,12 @@ function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = '' * new site registration is not. * * @since MU - * @uses wpmu_signup_user_notification() * * @param string $user The user's requested login name. * @param string $user_email The user's email address. * @param array $meta By default, this is an empty array. */ -function wpmu_signup_user($user, $user_email, $meta = '') { +function wpmu_signup_user( $user, $user_email, $meta = array() ) { global $wpdb; // Format data @@ -792,7 +772,7 @@ function wpmu_signup_user($user, $user_email, $meta = '') { * replace it with your own notification behavior. * * Filter 'wpmu_signup_blog_notification_email' and - * 'wpmu_signup_blog_notification_email' to change the content + * 'wpmu_signup_blog_notification_subject' to change the content * and subject line of the email sent to newly registered users. * * @since MU @@ -802,18 +782,30 @@ function wpmu_signup_user($user, $user_email, $meta = '') { * @param string $title The site title. * @param string $user The user's login name. * @param string $user_email The user's email address. - * @param array $meta By default, contains the requested privacy setting and lang_id. * @param string $key The activation key created in wpmu_signup_blog() + * @param array $meta By default, contains the requested privacy setting and lang_id. * @return bool */ -function wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta = '') { - global $current_site; - - if ( !apply_filters('wpmu_signup_blog_notification', $domain, $path, $title, $user, $user_email, $key, $meta) ) +function wpmu_signup_blog_notification( $domain, $path, $title, $user, $user_email, $key, $meta = array() ) { + /** + * Filter whether to bypass the new site email notification. + * + * @since MU + * + * @param string|bool $domain Site domain. + * @param string $path Site path. + * @param string $title Site title. + * @param string $user User login name. + * @param string $user_email User email address. + * @param string $key Activation key created in wpmu_signup_blog(). + * @param array $meta By default, contains the requested privacy setting and lang_id. + */ + if ( ! apply_filters( 'wpmu_signup_blog_notification', $domain, $path, $title, $user, $user_email, $key, $meta ) ) { return false; + } // Send email with activation link. - if ( !is_subdomain_install() || $current_site->id != 1 ) + if ( !is_subdomain_install() || get_current_site()->id != 1 ) $activate_url = network_site_url("wp-activate.php?key=$key"); else $activate_url = "http://{$domain}{$path}wp-activate.php?key=$key"; // @todo use *_url() API @@ -825,6 +817,22 @@ function wpmu_signup_blog_notification($domain, $path, $title, $user, $user_emai $from_name = get_site_option( 'site_name' ) == '' ? 'WordPress' : esc_html( get_site_option( 'site_name' ) ); $message_headers = "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; $message = sprintf( + /** + * Filter the message content of the new blog notification email. + * + * Content should be formatted for transmission via wp_mail(). + * + * @since MU + * + * @param string $content Content of the notification email. + * @param string $domain Site domain. + * @param string $path Site path. + * @param string $title Site title. + * @param string $user User login name. + * @param string $user_email User email address. + * @param string $key Activation key created in wpmu_signup_blog(). + * @param array $meta By default, contains the requested privacy setting and lang_id. + */ apply_filters( 'wpmu_signup_blog_notification_email', __( "To activate your blog, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\nAfter you activate, you can visit your site here:\n\n%s" ), $domain, $path, $title, $user, $user_email, $key, $meta @@ -835,6 +843,20 @@ function wpmu_signup_blog_notification($domain, $path, $title, $user, $user_emai ); // TODO: Don't hard code activation link. $subject = sprintf( + /** + * Filter the subject of the new blog notification email. + * + * @since MU + * + * @param string $subject Subject of the notification email. + * @param string $domain Site domain. + * @param string $path Site path. + * @param string $title Site title. + * @param string $user User login name. + * @param string $user_email User email address. + * @param string $key Activation key created in wpmu_signup_blog(). + * @param array $meta By default, contains the requested privacy setting and lang_id. + */ apply_filters( 'wpmu_signup_blog_notification_subject', __( '[%1$s] Activate %2$s' ), $domain, $path, $title, $user, $user_email, $key, $meta @@ -842,7 +864,7 @@ function wpmu_signup_blog_notification($domain, $path, $title, $user, $user_emai $from_name, esc_url( 'http://' . $domain . $path ) ); - wp_mail($user_email, $subject, $message, $message_headers); + wp_mail( $user_email, wp_specialchars_decode( $subject ), $message, $message_headers ); return true; } @@ -863,12 +885,22 @@ function wpmu_signup_blog_notification($domain, $path, $title, $user, $user_emai * * @param string $user The user's login name. * @param string $user_email The user's email address. - * @param array $meta By default, an empty array. * @param string $key The activation key created in wpmu_signup_user() + * @param array $meta By default, an empty array. * @return bool */ -function wpmu_signup_user_notification($user, $user_email, $key, $meta = '') { - if ( !apply_filters('wpmu_signup_user_notification', $user, $user_email, $key, $meta) ) +function wpmu_signup_user_notification( $user, $user_email, $key, $meta = array() ) { + /** + * Filter whether to bypass the email notification for new user sign-up. + * + * @since MU + * + * @param string $user User login name. + * @param string $user_email User email address. + * @param string $key Activation key created in wpmu_signup_user(). + * @param array $meta Signup meta data. + */ + if ( ! apply_filters( 'wpmu_signup_user_notification', $user, $user_email, $key, $meta ) ) return false; // Send email with activation link. @@ -878,14 +910,38 @@ function wpmu_signup_user_notification($user, $user_email, $key, $meta = '') { $from_name = get_site_option( 'site_name' ) == '' ? 'WordPress' : esc_html( get_site_option( 'site_name' ) ); $message_headers = "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n"; $message = sprintf( + /** + * Filter the content of the notification email for new user sign-up. + * + * Content should be formatted for transmission via wp_mail(). + * + * @since MU + * + * @param string $content Content of the notification email. + * @param string $user User login name. + * @param string $user_email User email address. + * @param string $key Activation key created in wpmu_signup_user(). + * @param array $meta Signup meta data. + */ apply_filters( 'wpmu_signup_user_notification_email', - __( "To activate your user, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\n" ), + __( "To activate your user, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login." ), $user, $user_email, $key, $meta ), site_url( "wp-activate.php?key=$key" ) ); // TODO: Don't hard code activation link. $subject = sprintf( + /** + * Filter the subject of the notification email of new user signup. + * + * @since MU + * + * @param string $subject Subject of the notification email. + * @param string $user User login name. + * @param string $user_email User email address. + * @param string $key Activation key created in wpmu_signup_user(). + * @param array $meta Signup meta data. + */ apply_filters( 'wpmu_signup_user_notification_subject', __( '[%1$s] Activate %2$s' ), $user, $user_email, $key, $meta @@ -893,7 +949,7 @@ function wpmu_signup_user_notification($user, $user_email, $key, $meta = '') { $from_name, $user ); - wp_mail($user_email, $subject, $message, $message_headers); + wp_mail( $user_email, wp_specialchars_decode( $subject ), $message, $message_headers ); return true; } @@ -906,19 +962,12 @@ function wpmu_signup_user_notification($user, $user_email, $key, $meta = '') { * by a Super Admin). * * @since MU - * @uses wp_generate_password() - * @uses wpmu_welcome_user_notification() - * @uses add_user_to_blog() - * @uses add_new_user_to_blog() - * @uses wpmu_create_user() - * @uses wpmu_create_blog() - * @uses wpmu_welcome_notification() * * @param string $key The activation key provided to the user. * @return array An array containing information about the activated user and/or blog */ function wpmu_activate_signup($key) { - global $wpdb, $current_site; + global $wpdb; $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE activation_key = %s", $key) ); @@ -932,15 +981,13 @@ function wpmu_activate_signup($key) { return new WP_Error( 'already_active', __( 'The site is already active.' ), $signup ); } - $meta = unserialize($signup->meta); - $user_login = $wpdb->escape($signup->user_login); - $user_email = $wpdb->escape($signup->user_email); + $meta = maybe_unserialize($signup->meta); $password = wp_generate_password( 12, false ); - $user_id = username_exists($user_login); + $user_id = username_exists($signup->user_login); if ( ! $user_id ) - $user_id = wpmu_create_user($user_login, $password, $user_email); + $user_id = wpmu_create_user($signup->user_login, $password, $signup->user_email); else $user_already_exists = true; @@ -955,11 +1002,18 @@ function wpmu_activate_signup($key) { if ( isset( $user_already_exists ) ) return new WP_Error( 'user_already_exists', __( 'That username is already activated.' ), $signup); - wpmu_welcome_user_notification($user_id, $password, $meta); - - add_new_user_to_blog( $user_id, $user_email, $meta ); - do_action('wpmu_activate_user', $user_id, $password, $meta); - return array('user_id' => $user_id, 'password' => $password, 'meta' => $meta); + wpmu_welcome_user_notification( $user_id, $password, $meta ); + /** + * Fires immediately after a new user is activated. + * + * @since MU + * + * @param int $user_id User ID. + * @param int $password User password. + * @param array $meta Signup meta data. + */ + do_action( 'wpmu_activate_user', $user_id, $password, $meta ); + return array( 'user_id' => $user_id, 'password' => $password, 'meta' => $meta ); } $blog_id = wpmu_create_blog( $signup->domain, $signup->path, $signup->title, $user_id, $meta, $wpdb->siteid ); @@ -967,7 +1021,7 @@ function wpmu_activate_signup($key) { // TODO: What to do if we create a user but cannot create a blog? if ( is_wp_error($blog_id) ) { // If blog is taken, that means a previous attempt to activate this blog failed in between creating the blog and - // setting the activation flag. Let's just set the active flag and instruct the user to reset their password. + // setting the activation flag. Let's just set the active flag and instruct the user to reset their password. if ( 'blog_taken' == $blog_id->get_error_code() ) { $blog_id->add_data( $signup ); $wpdb->update( $wpdb->signups, array( 'active' => 1, 'activated' => $now ), array( 'activation_key' => $key ) ); @@ -977,7 +1031,18 @@ function wpmu_activate_signup($key) { $wpdb->update( $wpdb->signups, array('active' => 1, 'activated' => $now), array('activation_key' => $key) ); wpmu_welcome_notification($blog_id, $user_id, $password, $signup->title, $meta); - do_action('wpmu_activate_blog', $blog_id, $user_id, $password, $signup->title, $meta); + /** + * Fires immediately after a site is activated. + * + * @since MU + * + * @param int $blog_id Blog ID. + * @param int $user_id User ID. + * @param int $password User password. + * @param string $signup_title Site title. + * @param array $meta Signup meta data. + */ + do_action( 'wpmu_activate_blog', $blog_id, $user_id, $password, $signup->title, $meta ); return array('blog_id' => $blog_id, 'user_id' => $user_id, 'password' => $password, 'title' => $signup->title, 'meta' => $meta); } @@ -991,24 +1056,30 @@ function wpmu_activate_signup($key) { * use 'user_register'). * * @since MU - * @uses wp_create_user() * * @param string $user_name The new user's login name. * @param string $password The new user's password. * @param string $email The new user's email address. - * @return mixed Returns false on failure, or int $user_id on success + * @return int|bool Returns false on failure, or int $user_id on success */ -function wpmu_create_user( $user_name, $password, $email) { +function wpmu_create_user( $user_name, $password, $email ) { $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); $user_id = wp_create_user( $user_name, $password, $email ); - if ( is_wp_error($user_id) ) + if ( is_wp_error( $user_id ) ) return false; // Newly created users have no roles or caps until they are added to a blog. delete_user_option( $user_id, 'capabilities' ); delete_user_option( $user_id, 'user_level' ); + /** + * Fires immediately after a new user is created. + * + * @since MU + * + * @param int $user_id User ID. + */ do_action( 'wpmu_new_user', $user_id ); return $user_id; @@ -1027,10 +1098,6 @@ function wpmu_create_user( $user_name, $password, $email) { * root domain (eg 'blog1.example.com'), and $path is '/'. * * @since MU - * @uses domain_exists() - * @uses insert_blog() - * @uses wp_install_defaults() - * @uses add_user_to_blog() * * @param string $domain The new site's domain. * @param string $path The new site's path. @@ -1040,7 +1107,10 @@ function wpmu_create_user( $user_name, $password, $email) { * @param int $site_id Optional. Only relevant on multi-network installs. * @return mixed Returns WP_Error object on failure, int $blog_id on success */ -function wpmu_create_blog($domain, $path, $title, $user_id, $meta = '', $site_id = 1) { +function wpmu_create_blog( $domain, $path, $title, $user_id, $meta = array(), $site_id = 1 ) { + $defaults = array( 'public' => 0 ); + $meta = wp_parse_args( $meta, $defaults ); + $domain = preg_replace( '/\s+/', '', sanitize_user( $domain, true ) ); if ( is_subdomain_install() ) @@ -1054,7 +1124,7 @@ function wpmu_create_blog($domain, $path, $title, $user_id, $meta = '', $site_id // Check if the domain has been used already. We should return an error message. if ( domain_exists($domain, $path, $site_id) ) - return new WP_Error('blog_taken', __('Site already exists.')); + return new WP_Error( 'blog_taken', __( 'Sorry, that site already exists!' ) ); if ( !defined('WP_INSTALLING') ) define( 'WP_INSTALLING', true ); @@ -1068,20 +1138,32 @@ function wpmu_create_blog($domain, $path, $title, $user_id, $meta = '', $site_id add_user_to_blog($blog_id, $user_id, 'administrator'); - if ( is_array($meta) ) foreach ($meta as $key => $value) { - if ( $key == 'public' || $key == 'archived' || $key == 'mature' || $key == 'spam' || $key == 'deleted' || $key == 'lang_id' ) + foreach ( $meta as $key => $value ) { + if ( in_array( $key, array( 'public', 'archived', 'mature', 'spam', 'deleted', 'lang_id' ) ) ) update_blog_status( $blog_id, $key, $value ); else update_option( $key, $value ); } add_option( 'WPLANG', get_site_option( 'WPLANG' ) ); - update_option( 'blog_public', (int)$meta['public'] ); + update_option( 'blog_public', (int) $meta['public'] ); - if ( !is_super_admin() && ! get_user_meta( $user_id, 'primary_blog', true ) ) + if ( ! is_super_admin( $user_id ) && ! get_user_meta( $user_id, 'primary_blog', true ) ) update_user_meta( $user_id, 'primary_blog', $blog_id ); restore_current_blog(); + /** + * Fires immediately after a new site is created. + * + * @since MU + * + * @param int $blog_id Blog ID. + * @param int $user_id User ID. + * @param string $domain Site domain. + * @param string $path Site path. + * @param int $site_id Site ID. Only relevant on multi-network installs. + * @param array $meta Meta data. Used to set initial site options. + */ do_action( 'wpmu_new_blog', $blog_id, $user_id, $domain, $path, $site_id, $meta ); return $blog_id; @@ -1113,11 +1195,19 @@ function newblog_notify_siteadmin( $blog_id, $deprecated = '' ) { $siteurl = site_url(); restore_current_blog(); - $msg = sprintf( __( 'New Site: %1s -URL: %2s -Remote IP: %3s - -Disable these notifications: %4s' ), $blogname, $siteurl, $_SERVER['REMOTE_ADDR'], $options_site_url); + $msg = sprintf( __( 'New Site: %1$s +URL: %2$s +Remote IP: %3$s + +Disable these notifications: %4$s' ), $blogname, $siteurl, wp_unslash( $_SERVER['REMOTE_ADDR'] ), $options_site_url); + /** + * Filter the message body of the new site activation email sent + * to the network administrator. + * + * @since MU + * + * @param string $msg Email body. + */ $msg = apply_filters( 'newblog_notify_siteadmin', $msg ); wp_mail( $email, sprintf( __( 'New Site Registration: %s' ), $siteurl ), $msg ); @@ -1144,15 +1234,24 @@ function newuser_notify_siteadmin( $user_id ) { if ( is_email($email) == false ) return false; - $user = new WP_User($user_id); + $user = get_userdata( $user_id ); $options_site_url = esc_url(network_admin_url('settings.php')); - $msg = sprintf(__('New User: %1s -Remote IP: %2s - -Disable these notifications: %3s'), $user->user_login, $_SERVER['REMOTE_ADDR'], $options_site_url); - - $msg = apply_filters( 'newuser_notify_siteadmin', $msg ); + $msg = sprintf(__('New User: %1$s +Remote IP: %2$s + +Disable these notifications: %3$s'), $user->user_login, wp_unslash( $_SERVER['REMOTE_ADDR'] ), $options_site_url); + + /** + * Filter the message body of the new user activation email sent + * to the network administrator. + * + * @since MU + * + * @param string $msg Email body. + * @param WP_User $user WP_User instance of the new user. + */ + $msg = apply_filters( 'newuser_notify_siteadmin', $msg, $user ); wp_mail( $email, sprintf(__('New User Registration: %s'), $user->user_login), $msg ); return true; } @@ -1172,7 +1271,20 @@ Disable these notifications: %3s'), $user->user_login, $_SERVER['REMOTE_ADDR'], */ function domain_exists($domain, $path, $site_id = 1) { global $wpdb; - return $wpdb->get_var( $wpdb->prepare("SELECT blog_id FROM $wpdb->blogs WHERE domain = %s AND path = %s AND site_id = %d", $domain, $path, $site_id) ); + $path = trailingslashit( $path ); + $result = $wpdb->get_var( $wpdb->prepare("SELECT blog_id FROM $wpdb->blogs WHERE domain = %s AND path = %s AND site_id = %d", $domain, $path, $site_id) ); + + /** + * Filter whether a blogname is taken. + * + * @since 3.5.0 + * + * @param int|null $result The blog_id if the blogname exists, null otherwise. + * @param string $domain Domain to be checked. + * @param string $path Path to be checked. + * @param int $site_id Site ID. Relevant only on multi-network installs. + */ + return apply_filters( 'domain_exists', $result, $domain, $path, $site_id ); } /** @@ -1198,8 +1310,12 @@ function insert_blog($domain, $path, $site_id) { if ( ! $result ) return false; - refresh_blog_details($wpdb->insert_id); - return $wpdb->insert_id; + $blog_id = $wpdb->insert_id; + refresh_blog_details( $blog_id ); + + wp_maybe_update_network_site_counts(); + + return $blog_id; } /** @@ -1210,48 +1326,50 @@ function insert_blog($domain, $path, $site_id) { * points to the new blog. * * @since MU - * @uses make_db_current_silent() - * @uses populate_roles() * * @param int $blog_id The value returned by insert_blog(). * @param string $blog_title The title of the new site. */ -function install_blog($blog_id, $blog_title = '') { - global $wpdb, $table_prefix, $wp_roles; - $wpdb->suppress_errors(); +function install_blog( $blog_id, $blog_title = '' ) { + global $wpdb, $wp_roles; // Cast for security $blog_id = (int) $blog_id; require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); - if ( $wpdb->get_results("SELECT ID FROM $wpdb->posts") ) - die(__('
You appear to have already installed WordPress. To reinstall please clear your old database tables first.
') . '