X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/9b5673a7aae863ab45c3b73460060352c5b3810b..refs/tags/wordpress-3.3.1-scripts:/wp-includes/pluggable.php diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index a36bd1ed..df20cf63 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -81,7 +81,7 @@ function get_currentuserinfo() { return; if ( ! $user = wp_validate_auth_cookie() ) { - if ( is_admin() || empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) { + if ( is_blog_admin() || is_network_admin() || empty($_COOKIE[LOGGED_IN_COOKIE]) || !$user = wp_validate_auth_cookie($_COOKIE[LOGGED_IN_COOKIE], 'logged_in') ) { wp_set_current_user(0); return false; } @@ -98,27 +98,31 @@ if ( !function_exists('get_userdata') ) : * @since 0.71 * * @param int $user_id User ID - * @return bool|object False on failure, User DB row object + * @return bool|object False on failure, WP_User object on success */ function get_userdata( $user_id ) { - global $wpdb; - - if ( ! is_numeric( $user_id ) ) - return false; - - $user_id = absint( $user_id ); - if ( ! $user_id ) - return false; - - $user = wp_cache_get( $user_id, 'users' ); + return get_user_by( 'id', $user_id ); +} +endif; - if ( $user ) - return $user; +if ( !function_exists('get_user_by') ) : +/** + * Retrieve user info by a given field + * + * @since 2.8.0 + * + * @param string $field The field to retrieve the user with. id | slug | email | login + * @param int|string $value A value for $field. A user ID, slug, email address, or login name. + * @return bool|object False on failure, WP_User object on success + */ +function get_user_by( $field, $value ) { + $userdata = WP_User::get_data_by( $field, $value ); - if ( ! $user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id ) ) ) + if ( !$userdata ) return false; - _fill_user( $user ); + $user = new WP_User; + $user->init( $userdata ); return $user; } @@ -130,103 +134,32 @@ if ( !function_exists('cache_users') ) : * * @since 3.0.0 * - * @param array $users User ID numbers list + * @param array $user_ids User ID numbers list */ -function cache_users( $users ) { +function cache_users( $user_ids ) { global $wpdb; $clean = array(); - foreach($users as $id) { + foreach ( $user_ids as $id ) { $id = (int) $id; - if (wp_cache_get($id, 'users')) { - // seems to be cached already - } else { + if ( !wp_cache_get( $id, 'users' ) ) { $clean[] = $id; } } - if ( 0 == count($clean) ) + if ( empty( $clean ) ) return; - $list = implode(',', $clean); + $list = implode( ',', $clean ); - $results = $wpdb->get_results("SELECT * FROM $wpdb->users WHERE ID IN ($list)"); + $users = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($list)" ); - _fill_many_users($results); -} -endif; - -if ( !function_exists('get_user_by') ) : -/** - * Retrieve user info by a given field - * - * @since 2.8.0 - * - * @param string $field The field to retrieve the user with. id | slug | email | login - * @param int|string $value A value for $field. A user ID, slug, email address, or login name. - * @return bool|object False on failure, User DB row object - */ -function get_user_by($field, $value) { - global $wpdb; - - switch ($field) { - case 'id': - return get_userdata($value); - break; - case 'slug': - $user_id = wp_cache_get($value, 'userslugs'); - $field = 'user_nicename'; - break; - case 'email': - $user_id = wp_cache_get($value, 'useremail'); - $field = 'user_email'; - break; - case 'login': - $value = sanitize_user( $value ); - $user_id = wp_cache_get($value, 'userlogins'); - $field = 'user_login'; - break; - default: - return false; + $ids = array(); + foreach ( $users as $user ) { + update_user_caches( $user ); + $ids[] = $user->ID; } - - if ( false !== $user_id ) - return get_userdata($user_id); - - if ( !$user = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->users WHERE $field = %s", $value) ) ) - return false; - - _fill_user($user); - - return $user; -} -endif; - -if ( !function_exists('get_userdatabylogin') ) : -/** - * Retrieve user info by login name. - * - * @since 0.71 - * - * @param string $user_login User's username - * @return bool|object False on failure, User DB row object - */ -function get_userdatabylogin($user_login) { - return get_user_by('login', $user_login); -} -endif; - -if ( !function_exists('get_user_by_email') ) : -/** - * Retrieve user info by email. - * - * @since 2.5 - * - * @param string $email User's email address - * @return bool|object False on failure, User DB row object - */ -function get_user_by_email($email) { - return get_user_by('email', $email); + update_meta_cache( 'user', $ids ); } endif; @@ -259,7 +192,6 @@ if ( !function_exists( 'wp_mail' ) ) : * @uses do_action_ref_array() Calls 'phpmailer_init' hook on the reference to * phpmailer object. * @uses PHPMailer - * @ * * @param string|array $to Array or comma-separated list of email addresses to send message. * @param string $subject Email subject @@ -281,7 +213,7 @@ function wp_mail( $to, $subject, $message, $headers = '', $attachments = array() if ( !is_object( $phpmailer ) || !is_a( $phpmailer, 'PHPMailer' ) ) { require_once ABSPATH . WPINC . '/class-phpmailer.php'; require_once ABSPATH . WPINC . '/class-smtp.php'; - $phpmailer = new PHPMailer(); + $phpmailer = new PHPMailer( true ); } // Headers @@ -296,6 +228,8 @@ function wp_mail( $to, $subject, $message, $headers = '', $attachments = array() $tempheaders = $headers; } $headers = array(); + $cc = array(); + $bcc = array(); // If it's actually got contents if ( !empty( $tempheaders ) ) { @@ -400,7 +334,19 @@ function wp_mail( $to, $subject, $message, $headers = '', $attachments = array() $to = explode( ',', $to ); foreach ( (array) $to as $recipient ) { - $phpmailer->AddAddress( trim( $recipient ) ); + try { + // Break $recipient into name and address parts if in the format "Foo " + $recipient_name = ''; + if( preg_match( '/(.*)<(.+)>/', $recipient, $matches ) ) { + if ( count( $matches ) == 3 ) { + $recipient_name = $matches[1]; + $recipient = $matches[2]; + } + } + $phpmailer->AddAddress( $recipient, $recipient_name); + } catch ( phpmailerException $e ) { + continue; + } } // Set mail's subject and body @@ -410,13 +356,37 @@ function wp_mail( $to, $subject, $message, $headers = '', $attachments = array() // Add any CC and BCC recipients if ( !empty( $cc ) ) { foreach ( (array) $cc as $recipient ) { - $phpmailer->AddCc( trim($recipient) ); + try { + // Break $recipient into name and address parts if in the format "Foo " + $recipient_name = ''; + if( preg_match( '/(.*)<(.+)>/', $recipient, $matches ) ) { + if ( count( $matches ) == 3 ) { + $recipient_name = $matches[1]; + $recipient = $matches[2]; + } + } + $phpmailer->AddCc( $recipient, $recipient_name ); + } catch ( phpmailerException $e ) { + continue; + } } } if ( !empty( $bcc ) ) { foreach ( (array) $bcc as $recipient) { - $phpmailer->AddBcc( trim($recipient) ); + try { + // Break $recipient into name and address parts if in the format "Foo " + $recipient_name = ''; + if( preg_match( '/(.*)<(.+)>/', $recipient, $matches ) ) { + if ( count( $matches ) == 3 ) { + $recipient_name = $matches[1]; + $recipient = $matches[2]; + } + } + $phpmailer->AddBcc( $recipient, $recipient_name ); + } catch ( phpmailerException $e ) { + continue; + } } } @@ -455,16 +425,24 @@ function wp_mail( $to, $subject, $message, $headers = '', $attachments = array() if ( !empty( $attachments ) ) { foreach ( $attachments as $attachment ) { - $phpmailer->AddAttachment($attachment); + try { + $phpmailer->AddAttachment($attachment); + } catch ( phpmailerException $e ) { + continue; + } } } do_action_ref_array( 'phpmailer_init', array( &$phpmailer ) ); // Send! - $result = @$phpmailer->Send(); + try { + $phpmailer->Send(); + } catch ( phpmailerException $e ) { + return false; + } - return $result; + return true; } endif; @@ -548,7 +526,7 @@ function wp_validate_auth_cookie($cookie = '', $scheme = '') { return false; } - $user = get_userdatabylogin($username); + $user = get_user_by('login', $username); if ( ! $user ) { do_action('auth_cookie_bad_username', $cookie_elements); return false; @@ -671,6 +649,9 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') { if ( '' === $secure ) $secure = is_ssl(); + $secure = apply_filters('secure_auth_cookie', $secure, $user_id); + $secure_logged_in_cookie = apply_filters('secure_logged_in_cookie', false, $user_id, $secure); + if ( $secure ) { $auth_cookie_name = SECURE_AUTH_COOKIE; $scheme = 'secure_auth'; @@ -685,23 +666,11 @@ function wp_set_auth_cookie($user_id, $remember = false, $secure = '') { do_action('set_auth_cookie', $auth_cookie, $expire, $expiration, $user_id, $scheme); do_action('set_logged_in_cookie', $logged_in_cookie, $expire, $expiration, $user_id, 'logged_in'); - // Set httponly if the php version is >= 5.2.0 - if ( version_compare(phpversion(), '5.2.0', 'ge') ) { - setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); - setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); - setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, false, true); - if ( COOKIEPATH != SITECOOKIEPATH ) - setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, false, true); - } else { - $cookie_domain = COOKIE_DOMAIN; - if ( !empty($cookie_domain) ) - $cookie_domain .= '; HttpOnly'; - setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, $cookie_domain, $secure); - setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, $cookie_domain, $secure); - setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, $cookie_domain); - if ( COOKIEPATH != SITECOOKIEPATH ) - setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, $cookie_domain); - } + setcookie($auth_cookie_name, $auth_cookie, $expire, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); + setcookie($auth_cookie_name, $auth_cookie, $expire, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, $secure, true); + setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, COOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true); + if ( COOKIEPATH != SITECOOKIEPATH ) + setcookie(LOGGED_IN_COOKIE, $logged_in_cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN, $secure_logged_in_cookie, true); } endif; @@ -746,7 +715,7 @@ if ( !function_exists('is_user_logged_in') ) : function is_user_logged_in() { $user = wp_get_current_user(); - if ( $user->id == 0 ) + if ( empty( $user->ID ) ) return false; return true; @@ -764,6 +733,8 @@ function auth_redirect() { $secure = ( is_ssl() || force_ssl_admin() ); + $secure = apply_filters('secure_auth_redirect', $secure); + // If https is required and request is http, redirect if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) { if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) { @@ -775,7 +746,12 @@ function auth_redirect() { } } - if ( $user_id = wp_validate_auth_cookie( '', apply_filters( 'auth_redirect_scheme', '' ) ) ) { + if ( is_user_admin() ) + $scheme = 'logged_in'; + else + $scheme = apply_filters( 'auth_redirect_scheme', '' ); + + if ( $user_id = wp_validate_auth_cookie( '', $scheme) ) { do_action('auth_redirect', $user_id); // If the user wants ssl but the session is not ssl, redirect. @@ -822,6 +798,9 @@ if ( !function_exists('check_admin_referer') ) : * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5) */ function check_admin_referer($action = -1, $query_arg = '_wpnonce') { + if ( -1 == $action ) + _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' ); + $adminurl = strtolower(admin_url()); $referer = strtolower(wp_get_referer()); $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false; @@ -861,9 +840,8 @@ endif; if ( !function_exists('wp_redirect') ) : /** - * Redirects to another page, with a workaround for the IIS Set-Cookie bug. + * Redirects to another page. * - * @link http://support.microsoft.com/kb/q176113/ * @since 1.5.1 * @uses apply_filters() Calls 'wp_redirect' hook on $location and $status. * @@ -882,13 +860,10 @@ function wp_redirect($location, $status = 302) { $location = wp_sanitize_redirect($location); - if ( $is_IIS ) { - header("Refresh: 0;url=$location"); - } else { - if ( php_sapi_name() != 'cgi-fcgi' ) - status_header($status); // This causes problems on IIS and some FastCGI setups - header("Location: $location", true, $status); - } + if ( !$is_IIS && php_sapi_name() != 'cgi-fcgi' ) + status_header($status); // This causes problems on IIS and some FastCGI setups + + header("Location: $location", true, $status); } endif; @@ -1000,14 +975,22 @@ if ( ! function_exists('wp_notify_postauthor') ) : * @param string $comment_type Optional. The comment type either 'comment' (default), 'trackback', or 'pingback' * @return bool False if user email does not exist. True on completion. */ -function wp_notify_postauthor($comment_id, $comment_type='') { - $comment = get_comment($comment_id); - $post = get_post($comment->comment_post_ID); - $user = get_userdata( $post->post_author ); +function wp_notify_postauthor( $comment_id, $comment_type = '' ) { + $comment = get_comment( $comment_id ); + $post = get_post( $comment->comment_post_ID ); + $author = get_userdata( $post->post_author ); - if ( $comment->user_id == $post->post_author ) return false; // The author moderated a comment on his own post + // The comment was left by the author + if ( $comment->user_id == $post->post_author ) + return false; - if ('' == $user->user_email) return false; // If there's no email to send the comment to + // The author moderated a comment on his own post + if ( $post->post_author == get_current_user_id() ) + return false; + + // If there's no email to send the comment to + if ( '' == $author->user_email ) + return false; $comment_author_domain = @gethostbyaddr($comment->comment_author_IP); @@ -1023,7 +1006,7 @@ function wp_notify_postauthor($comment_id, $comment_type='') { $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n"; $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n"; - $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n"; + $notify_message .= sprintf( __('Whois : http://whois.arin.net/rest/ip/%s'), $comment->comment_author_IP ) . "\r\n"; $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n"; $notify_message .= __('You can see all comments on this post here: ') . "\r\n"; /* translators: 1: blog name, 2: post title */ @@ -1048,6 +1031,7 @@ function wp_notify_postauthor($comment_id, $comment_type='') { $subject = sprintf( __('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title ); } $notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n"; + $notify_message .= sprintf( __('Permalink: %s'), get_permalink( $comment->comment_post_ID ) . '#comment-' . $comment_id ) . "\r\n"; if ( EMPTY_TRASH_DAYS ) $notify_message .= sprintf( __('Trash it: %s'), admin_url("comment.php?action=trash&c=$comment_id") ) . "\r\n"; else @@ -1076,7 +1060,7 @@ function wp_notify_postauthor($comment_id, $comment_type='') { $subject = apply_filters('comment_notification_subject', $subject, $comment_id); $message_headers = apply_filters('comment_notification_headers', $message_headers, $comment_id); - @wp_mail($user->user_email, $subject, $notify_message, $message_headers); + @wp_mail( $author->user_email, $subject, $notify_message, $message_headers ); return true; } @@ -1095,11 +1079,16 @@ if ( !function_exists('wp_notify_moderator') ) : function wp_notify_moderator($comment_id) { global $wpdb; - if( get_option( "moderation_notify" ) == 0 ) + if ( 0 == get_option( 'moderation_notify' ) ) return true; - $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id)); - $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID)); + $comment = get_comment($comment_id); + $post = get_post($comment->comment_post_ID); + $user = get_userdata( $post->post_author ); + // Send to the administration and to the post author if the author can modify the comment. + $email_to = array( get_option('admin_email') ); + if ( user_can($user->ID, 'edit_comment', $comment_id) && !empty($user->user_email) && ( get_option('admin_email') != $user->user_email) ) + $email_to[] = $user->user_email; $comment_author_domain = @gethostbyaddr($comment->comment_author_IP); $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'"); @@ -1130,7 +1119,7 @@ function wp_notify_moderator($comment_id) { $notify_message .= sprintf( __('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain ) . "\r\n"; $notify_message .= sprintf( __('E-mail : %s'), $comment->comment_author_email ) . "\r\n"; $notify_message .= sprintf( __('URL : %s'), $comment->comment_author_url ) . "\r\n"; - $notify_message .= sprintf( __('Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP ) . "\r\n"; + $notify_message .= sprintf( __('Whois : http://whois.arin.net/rest/ip/%s'), $comment->comment_author_IP ) . "\r\n"; $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n"; break; } @@ -1147,14 +1136,14 @@ function wp_notify_moderator($comment_id) { $notify_message .= admin_url("edit-comments.php?comment_status=moderated") . "\r\n"; $subject = sprintf( __('[%1$s] Please moderate: "%2$s"'), $blogname, $post->post_title ); - $admin_email = get_option('admin_email'); $message_headers = ''; $notify_message = apply_filters('comment_moderation_text', $notify_message, $comment_id); $subject = apply_filters('comment_moderation_subject', $subject, $comment_id); $message_headers = apply_filters('comment_moderation_headers', $message_headers); - @wp_mail($admin_email, $subject, $notify_message, $message_headers); + foreach ( $email_to as $email ) + @wp_mail($email, $subject, $notify_message, $message_headers); return true; } @@ -1251,7 +1240,7 @@ if ( !function_exists('wp_verify_nonce') ) : */ function wp_verify_nonce($nonce, $action = -1) { $user = wp_get_current_user(); - $uid = (int) $user->id; + $uid = (int) $user->ID; $i = wp_nonce_tick(); @@ -1277,7 +1266,7 @@ if ( !function_exists('wp_create_nonce') ) : */ function wp_create_nonce($action = -1) { $user = wp_get_current_user(); - $uid = (int) $user->id; + $uid = (int) $user->ID; $i = wp_nonce_tick(); @@ -1442,7 +1431,7 @@ if ( !function_exists('wp_check_password') ) : * * Maintains compatibility between old version and the new cookie authentication * protocol using PHPass library. The $hash parameter is the encrypted password - * and the function compares the plain text password when encypted similarly + * and the function compares the plain text password when encrypted similarly * against the already encrypted password to see if they match. * * For integration with other applications, this function can be overwritten to @@ -1646,7 +1635,7 @@ function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) { $host = 'https://secure.gravatar.com'; } else { if ( !empty($email) ) - $host = sprintf( "http://%d.gravatar.com", ( hexdec( $email_hash{0} ) % 2 ) ); + $host = sprintf( "http://%d.gravatar.com", ( hexdec( $email_hash[0] ) % 2 ) ); else $host = 'http://0.gravatar.com'; }