Multisite: Switch to a usermeta key for email confirmation.

To prevent inconsistent data across sites in a network the new email address is now stored in usermeta. Adds visual feedback for the case when an update has failed. All existing options will be removed on a database upgrade. Props MikeHansenMe, kovshenin, jeremyfelt, ocean90. Fixes #23358. Built from https://develop.svn.wordpress.org/trunk@36679 git-svn-id: http://core.svn.wordpress.org/trunk@36646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 15:34:28 +00:00 · 2016-02-24 15:34:28 +00:00 · 86690daf0b
parent 21b22c0fb6
commit 86690daf0b
4 changed files with 37 additions and 19 deletions
--- a/wp-admin/includes/ms.php
+++ b/wp-admin/includes/ms.php
@ -342,7 +342,7 @@ function send_confirmation_on_profile_email() {

 		if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) {
 			$errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address is already used." ), array( 'form-field' => 'email' ) );
-			delete_option( $current_user->ID . '_new_email' );
+			delete_user_meta( $current_user->ID, '_new_email' );
 			return;
 		}

@ -351,7 +351,7 @@ function send_confirmation_on_profile_email() {
 			'hash' => $hash,
 			'newemail' => $_POST['email']
 		);
-		update_option( $current_user->ID . '_new_email', $new_user_email );
+		update_user_meta( $current_user->ID, '_new_email', $new_user_email );

 		/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
 		$email_text = __( 'Howdy ###USERNAME###,
@ -408,9 +408,9 @@ All at ###SITENAME###
 */
 function new_user_email_admin_notice() {
 	global $pagenow;
-	if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_option( get_current_user_id() . '_new_email' ) ) {
+	if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) {
 		/* translators: %s: New email address */
-		echo '<div class="update-nag">' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), esc_html( $email['newemail'] ) ) . '</div>';
+		echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>';
 	}
 }

--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@ -1669,11 +1669,19 @@ function upgrade_440() {
 * @since 4.5.0
 *
 * @global int  $wp_current_db_version
+ * @global wpdb $wpdb
 */
 function upgrade_450() {
-	global $wp_current_db_version;
-	if ( $wp_current_db_version < 36180 )
+	global $wp_current_db_version, $wpdb;
+
+	if ( $wp_current_db_version < 36180 ) {
 		wp_clear_scheduled_hook( 'wp_maybe_auto_update' );
+	}
+
+	// Remove unused email confirmation options, moved to usermeta.
+	if ( $wp_current_db_version < 36679 && is_multisite() ) {
+		$wpdb->query( "DELETE FROM $wpdb->options WHERE option_name REGEXP '^[0-9]+_new_email$'" );
+	}
 }

 /**
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@ -82,20 +82,23 @@ if ( is_multisite()

 // Execute confirmed email change. See send_confirmation_on_profile_email().
 if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
-	$new_email = get_option( $current_user->ID . '_new_email' );
-	if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
+	$new_email = get_user_meta( $current_user->ID, '_new_email', true );
+	if ( $new_email && $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
 		$user = new stdClass;
 		$user->ID = $current_user->ID;
 		$user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
-		if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
+		if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
 			$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
+		}
 		wp_update_user( $user );
-		delete_option( $current_user->ID . '_new_email' );
-		wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
+		delete_user_meta( $current_user->ID, '_new_email' );
+		wp_redirect( add_query_arg( array( 'updated' => 'true' ), self_admin_url( 'profile.php' ) ) );
 		die();
+	} else {
+		wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) );
 	}
 } elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
-	delete_option( $current_user->ID . '_new_email' );
+	delete_user_meta( $current_user->ID, '_new_email' );
 	wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
 	die();
 }
@ -181,6 +184,13 @@ include(ABSPATH . 'wp-admin/admin-header.php');
 	<?php endif; ?>
 </div>
 <?php endif; ?>
+<?php if ( isset( $_GET['error'] ) ) : ?>
+<div class="notice notice-error">
+	<?php if ( 'new-email' == $_GET['error'] ) : ?>
+	<p><?php _e( 'Error while saving the new email address. Please try again.' ); ?></p>
+	<?php endif; ?>
+</div>
+<?php endif; ?>
 <?php if ( isset( $errors ) && is_wp_error( $errors ) ) : ?>
 <div class="error"><p><?php echo implode( "</p>\n<p>", $errors->get_error_messages() ); ?></p></div>
 <?php endif; ?>
@ -383,7 +393,7 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c
 	<th><label for="email"><?php _e('Email'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
 	<td><input type="email" name="email" id="email" value="<?php echo esc_attr( $profileuser->user_email ) ?>" class="regular-text ltr" />
 	<?php
-	$new_email = get_option( $current_user->ID . '_new_email' );
+	$new_email = get_user_meta( $current_user->ID, '_new_email', true );
 	if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) : ?>
 	<div class="updated inline">
 	<p><?php
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,14 +4,14 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.5-alpha-36678';
+$wp_version = '4.5-alpha-36679';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
 *
 * @global int $wp_db_version
 */
-$wp_db_version = 36654;
+$wp_db_version = 36679;

 /**
 * Holds the TinyMCE version