X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/41578db67d72562346e4dbb2a14889b23d522813..refs/tags/wordpress-4.0:/wp-includes/user.php
diff --git a/wp-includes/user.php b/wp-includes/user.php
index 5a9dc466..af028645 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -134,7 +134,7 @@ function wp_authenticate_username_password($user, $username, $password) {
$user = get_user_by('login', $username);
if ( !$user )
- return new WP_Error( 'invalid_username', sprintf( __( 'ERROR: Invalid username. Lost your password?' ), wp_lostpassword_url() ) );
+ return new WP_Error( 'invalid_username', sprintf( __( 'ERROR: Invalid username. Lost your password?' ), wp_lostpassword_url() ) );
/**
* Filter whether the given user can be authenticated with the provided $password.
@@ -150,7 +150,7 @@ function wp_authenticate_username_password($user, $username, $password) {
return $user;
if ( !wp_check_password($password, $user->user_pass, $user->ID) )
- return new WP_Error( 'incorrect_password', sprintf( __( 'ERROR: The password you entered for the username %1$s is incorrect. Lost your password?' ),
+ return new WP_Error( 'incorrect_password', sprintf( __( 'ERROR: The password you entered for the username %1$s is incorrect. Lost your password?' ),
$username, wp_lostpassword_url() ) );
return $user;
@@ -449,7 +449,7 @@ class WP_User_Query {
* @access public
* @var array
*/
- var $query_vars = array();
+ public $query_vars = array();
/**
* List of found user ids
@@ -458,7 +458,7 @@ class WP_User_Query {
* @access private
* @var array
*/
- var $results;
+ private $results;
/**
* Total number of found users for the current query
@@ -467,14 +467,14 @@ class WP_User_Query {
* @access private
* @var int
*/
- var $total_users = 0;
+ private $total_users = 0;
// SQL clauses
- var $query_fields;
- var $query_from;
- var $query_where;
- var $query_orderby;
- var $query_limit;
+ public $query_fields;
+ public $query_from;
+ public $query_where;
+ public $query_orderby;
+ public $query_limit;
/**
* PHP5 constructor.
@@ -484,7 +484,7 @@ class WP_User_Query {
* @param string|array $args Optional. The query variables.
* @return WP_User_Query
*/
- function __construct( $query = null ) {
+ public function __construct( $query = null ) {
if ( ! empty( $query ) ) {
$this->prepare_query( $query );
$this->query();
@@ -498,7 +498,7 @@ class WP_User_Query {
*
* @param string|array $args Optional. The query variables.
*/
- function prepare_query( $query = array() ) {
+ public function prepare_query( $query = array() ) {
global $wpdb;
if ( empty( $this->query_vars ) || ! empty( $query ) ) {
@@ -523,6 +523,19 @@ class WP_User_Query {
) );
}
+ /**
+ * Fires before the WP_User_Query has been parsed.
+ *
+ * The passed WP_User_Query object contains the query variables, not
+ * yet passed into SQL.
+ *
+ * @since 4.0.0
+ *
+ * @param WP_User_Query $this The current WP_User_Query instance,
+ * passed by reference.
+ */
+ do_action( 'pre_get_users', $this );
+
$qv =& $this->query_vars;
if ( is_array( $qv['fields'] ) ) {
@@ -712,7 +725,7 @@ class WP_User_Query {
*
* @global wpdb $wpdb WordPress database object for queries.
*/
- function query() {
+ public function query() {
global $wpdb;
$qv =& $this->query_vars;
@@ -764,7 +777,7 @@ class WP_User_Query {
* @param string $query_var Query variable key.
* @return mixed
*/
- function get( $query_var ) {
+ public function get( $query_var ) {
if ( isset( $this->query_vars[$query_var] ) )
return $this->query_vars[$query_var];
@@ -780,7 +793,7 @@ class WP_User_Query {
* @param string $query_var Query variable key.
* @param mixed $value Query variable value.
*/
- function set( $query_var, $value ) {
+ public function set( $query_var, $value ) {
$this->query_vars[$query_var] = $value;
}
@@ -796,17 +809,20 @@ class WP_User_Query {
* single site. Single site allows leading and trailing wildcards, Network Admin only trailing.
* @return string
*/
- function get_search_sql( $string, $cols, $wild = false ) {
- $string = esc_sql( $string );
+ protected function get_search_sql( $string, $cols, $wild = false ) {
+ global $wpdb;
$searches = array();
$leading_wild = ( 'leading' == $wild || 'both' == $wild ) ? '%' : '';
$trailing_wild = ( 'trailing' == $wild || 'both' == $wild ) ? '%' : '';
+ $like = $leading_wild . $wpdb->esc_like( $string ) . $trailing_wild;
+
foreach ( $cols as $col ) {
- if ( 'ID' == $col )
- $searches[] = "$col = '$string'";
- else
- $searches[] = "$col LIKE '$leading_wild" . like_escape($string) . "$trailing_wild'";
+ if ( 'ID' == $col ) {
+ $searches[] = $wpdb->prepare( "$col = %s", $string );
+ } else {
+ $searches[] = $wpdb->prepare( "$col LIKE %s", $like );
+ }
}
return ' AND (' . implode(' OR ', $searches) . ')';
@@ -820,7 +836,7 @@ class WP_User_Query {
*
* @return array Array of results.
*/
- function get_results() {
+ public function get_results() {
return $this->results;
}
@@ -832,9 +848,75 @@ class WP_User_Query {
*
* @return array Array of total users.
*/
- function get_total() {
+ public function get_total() {
return $this->total_users;
}
+
+ /**
+ * Make private properties readable for backwards compatibility.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param string $name Property to get.
+ * @return mixed Property.
+ */
+ public function __get( $name ) {
+ return $this->$name;
+ }
+
+ /**
+ * Make private properties settable for backwards compatibility.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param string $name Property to set.
+ * @param mixed $value Property value.
+ * @return mixed Newly-set property.
+ */
+ public function __set( $name, $value ) {
+ return $this->$name = $value;
+ }
+
+ /**
+ * Make private properties checkable for backwards compatibility.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param string $name Property to check if set.
+ * @return bool Whether the property is set.
+ */
+ public function __isset( $name ) {
+ return isset( $this->$name );
+ }
+
+ /**
+ * Make private properties un-settable for backwards compatibility.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param string $name Property to unset.
+ */
+ public function __unset( $name ) {
+ unset( $this->$name );
+ }
+
+ /**
+ * Make private/protected methods readable for backwards compatibility.
+ *
+ * @since 4.0.0
+ * @access public
+ *
+ * @param callable $name Method to call.
+ * @param array $arguments Arguments to pass when calling.
+ * @return mixed|bool Return value of the callback, false otherwise.
+ */
+ public function __call( $name, $arguments ) {
+ return call_user_func_array( array( $this, $name ), $arguments );
+ }
}
/**
@@ -1092,7 +1174,7 @@ function count_users($strategy = 'time') {
// Build a CPU-intensive query that will return concise information.
$select_count = array();
foreach ( $avail_roles as $this_role => $name ) {
- $select_count[] = "COUNT(NULLIF(`meta_value` LIKE '%\"" . like_escape( $this_role ) . "\"%', false))";
+ $select_count[] = $wpdb->prepare( "COUNT(NULLIF(`meta_value` LIKE %s, false))", '%' . $wpdb->esc_like( '"' . $this_role . '"' ) . '%');
}
$select_count = implode(', ', $select_count);
@@ -1192,33 +1274,49 @@ function setup_userdata($for_user_id = '') {
* used, either 'include' or 'exclude', but not both.
*
* The available arguments are as follows:
- *
- * - show_option_all - Text to show all and whether HTML option exists.
- * - show_option_none - Text for show none and whether HTML option exists.
- * - hide_if_only_one_author - Don't create the dropdown if there is only one user.
- * - orderby - SQL order by clause for what order the users appear. Default is 'display_name'.
- * - order - Default is 'ASC'. Can also be 'DESC'.
- * - include - User IDs to include.
- * - exclude - User IDs to exclude.
- * - multi - Default is 'false'. Whether to skip the ID attribute on the 'select' element. A 'true' value is overridden when id argument is set.
- * - show - Default is 'display_name'. User table column to display. If the selected item is empty then the user_login will be displayed in parentheses
- * - echo - Default is '1'. Whether to display or retrieve content.
- * - selected - Which User ID is selected.
- * - include_selected - Always include the selected user ID in the dropdown. Default is false.
- * - name - Default is 'user'. Name attribute of select element.
- * - id - Default is the value of the 'name' parameter. ID attribute of select element.
- * - class - Class attribute of select element.
- * - blog_id - ID of blog (Multisite only). Defaults to ID of current blog.
- * - who - Which users to query. Currently only 'authors' is supported. Default is all users.
- *
*
* @since 2.3.0
*
* @global wpdb $wpdb WordPress database object for queries.
*
- * @todo Hash-notate arguments array.
- *
- * @param string|array $args Optional. Array of user arguments.
+ * @param array|string $args {
+ * Optional. Array or string of arguments to generate a drop-down of users.
+ * {@see WP_User_Query::prepare_query() for additional available arguments.
+ *
+ * @type string $show_option_all Text to show as the drop-down default (all).
+ * Default empty.
+ * @type string $show_option_none Text to show as the drop-down default when no
+ * users were found. Default empty.
+ * @type int|string $option_none_value Value to use for $show_option_non when no users
+ * were found. Default -1.
+ * @type string $hide_if_only_one_author Whether to skip generating the drop-down
+ * if only one user was found. Default empty.
+ * @type string $orderby Field to order found users by. Accepts user fields.
+ * Default 'display_name'.
+ * @type string $order Whether to order users in ascending or descending
+ * order. Accepts 'ASC' (ascending) or 'DESC' (descending).
+ * Default 'ASC'.
+ * @type array|string $include Array or comma-separated list of user IDs to include.
+ * Default empty.
+ * @type array|string $exclude Array or comma-separated list of user IDs to exclude.
+ * Default empty.
+ * @type bool|int $multi Whether to skip the ID attribute on the 'select' element.
+ * Accepts 1|true or 0|false. Default 0|false.
+ * @type string $show User table column to display. If the selected item is empty
+ * then the 'user_login' will be displayed in parentheses.
+ * Accepts user fields. Default 'display_name'.
+ * @type int|bool $echo Whether to echo or return the drop-down. Accepts 1|true (echo)
+ * or 0|false (return). Default 1|true.
+ * @type int $selected Which user ID should be selected. Default 0.
+ * @type bool $include_selected Whether to always include the selected user ID in the drop-
+ * down. Default false.
+ * @type string $name Name attribute of select element. Default 'user'.
+ * @type string $id ID attribute of the select element. Default is the value of $name.
+ * @type string $class Class attribute of the select element. Default empty.
+ * @type int $blog_id ID of blog (Multisite only). Default is ID of the current blog.
+ * @type string $who Which type of users to query. Accepts only an empty string or
+ * 'authors'. Default empty.
+ * }
* @return string|null Null on display. String of HTML content on retrieve.
*/
function wp_dropdown_users( $args = '' ) {
@@ -1228,51 +1326,57 @@ function wp_dropdown_users( $args = '' ) {
'include' => '', 'exclude' => '', 'multi' => 0,
'show' => 'display_name', 'echo' => 1,
'selected' => 0, 'name' => 'user', 'class' => '', 'id' => '',
- 'blog_id' => $GLOBALS['blog_id'], 'who' => '', 'include_selected' => false
+ 'blog_id' => $GLOBALS['blog_id'], 'who' => '', 'include_selected' => false,
+ 'option_none_value' => -1
);
$defaults['selected'] = is_author() ? get_query_var( 'author' ) : 0;
$r = wp_parse_args( $args, $defaults );
- extract( $r, EXTR_SKIP );
+ $show = $r['show'];
+ $show_option_all = $r['show_option_all'];
+ $show_option_none = $r['show_option_none'];
+ $option_none_value = $r['option_none_value'];
$query_args = wp_array_slice_assoc( $r, array( 'blog_id', 'include', 'exclude', 'orderby', 'order', 'who' ) );
$query_args['fields'] = array( 'ID', 'user_login', $show );
$users = get_users( $query_args );
$output = '';
- if ( !empty($users) && ( empty($hide_if_only_one_author) || count($users) > 1 ) ) {
- $name = esc_attr( $name );
- if ( $multi && ! $id )
+ if ( ! empty( $users ) && ( empty( $r['hide_if_only_one_author'] ) || count( $users ) > 1 ) ) {
+ $name = esc_attr( $r['name'] );
+ if ( $r['multi'] && ! $r['id'] ) {
$id = '';
- else
- $id = $id ? " id='" . esc_attr( $id ) . "'" : " id='$name'";
-
- $output = "