enmi-conf.org: comparison wp/wp-admin/includes/user.php

equal deleted inserted replaced

-:c7c34916027a
+:177826044cd9
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 *
 * @since 2.0.0
 *
 * @param int $user_id Optional. User ID.
-* @return int|WP_Error user id of the updated user
+* @return int|WP_Error user id of the updated user.
 */
 function edit_user( $user_id = 0 ) {
 	$wp_roles = wp_roles();
-	$user = new stdClass;
+	$user     = new stdClass;
+	$user_id  = (int) $user_id;
 	if ( $user_id ) {
-		$update = true;
+		$update           = true;
-		$user->ID = (int) $user_id;
+		$user->ID         = $user_id;
-		$userdata = get_userdata( $user_id );
+		$userdata         = get_userdata( $user_id );
 		$user->user_login = wp_slash( $userdata->user_login );
 	} else {
 		$update = false;
 	}
-	if ( !$update && isset( $_POST['user_login'] ) )
+	if ( ! $update && isset( $_POST['user_login'] ) ) {
-		$user->user_login = sanitize_user($_POST['user_login'], true);
+		$user->user_login = sanitize_user( $_POST['user_login'], true );
+	}
 	$pass1 = $pass2 = '';
-	if ( isset( $_POST['pass1'] ) )
+	if ( isset( $_POST['pass1'] ) ) {
 		$pass1 = $_POST['pass1'];
-	if ( isset( $_POST['pass2'] ) )
+	}
+	if ( isset( $_POST['pass2'] ) ) {
 		$pass2 = $_POST['pass2'];
+	}
-	if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
+	if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) && ( ! $user_id || current_user_can( 'promote_user', $user_id ) ) ) {
 		$new_role = sanitize_text_field( $_POST['role'] );
-		$potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
-		// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
+		// If the new role isn't editable by the logged-in user die with error.
-		// Multisite super admins can freely edit their blog roles -- they possess all caps.
+		$editable_roles = get_editable_roles();
-		if ( ( is_multisite() && current_user_can( 'manage_sites' ) ) || $user_id != get_current_user_id() || ($potential_role && $potential_role->has_cap( 'edit_users' ) ) )
+		if ( ! empty( $new_role ) && empty( $editable_roles[ $new_role ] ) ) {
+			wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
+		}
+		$potential_role = isset( $wp_roles->role_objects[ $new_role ] ) ? $wp_roles->role_objects[ $new_role ] : false;
+		/*
+		 * Don't let anyone with 'promote_users' edit their own role to something without it.
+		 * Multisite super admins can freely edit their roles, they possess all caps.
+		 */
+		if (
+			( is_multisite() && current_user_can( 'manage_network_users' ) ) ||
+			$user_id !== get_current_user_id() ||
+			( $potential_role && $potential_role->has_cap( 'promote_users' ) )
+		) {
 			$user->role = $new_role;
+		}
-		// If the new role isn't editable by the logged-in user die with error
+	}
-		$editable_roles = get_editable_roles();
-		if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) )
+	if ( isset( $_POST['email'] ) ) {
-			wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
-	}
-	if ( isset( $_POST['email'] ))
 		$user->user_email = sanitize_text_field( wp_unslash( $_POST['email'] ) );
+	}
 	if ( isset( $_POST['url'] ) ) {
-		if ( empty ( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
+		if ( empty( $_POST['url'] ) || $_POST['url'] == 'http://' ) {
 			$user->user_url = '';
 		} else {
 			$user->user_url = esc_url_raw( $_POST['url'] );
-			$protocols = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
+			$protocols      = implode( '|', array_map( 'preg_quote', wp_allowed_protocols() ) );
-			$user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
+			$user->user_url = preg_match( '/^(' . $protocols . '):/is', $user->user_url ) ? $user->user_url : 'http://' . $user->user_url;
 		}
 	}
-	if ( isset( $_POST['first_name'] ) )
+	if ( isset( $_POST['first_name'] ) ) {
 		$user->first_name = sanitize_text_field( $_POST['first_name'] );
-	if ( isset( $_POST['last_name'] ) )
+	}
+	if ( isset( $_POST['last_name'] ) ) {
 		$user->last_name = sanitize_text_field( $_POST['last_name'] );
-	if ( isset( $_POST['nickname'] ) )
+	}
+	if ( isset( $_POST['nickname'] ) ) {
 		$user->nickname = sanitize_text_field( $_POST['nickname'] );
-	if ( isset( $_POST['display_name'] ) )
+	}
+	if ( isset( $_POST['display_name'] ) ) {
 		$user->display_name = sanitize_text_field( $_POST['display_name'] );
+	}
-	if ( isset( $_POST['description'] ) )
+	if ( isset( $_POST['description'] ) ) {
 		$user->description = trim( $_POST['description'] );
+	}
 	foreach ( wp_get_user_contact_methods( $user ) as $method => $name ) {
-		if ( isset( $_POST[$method] ))
+		if ( isset( $_POST[ $method ] ) ) {
-			$user->$method = sanitize_text_field( $_POST[$method] );
+			$user->$method = sanitize_text_field( $_POST[ $method ] );
+		}
 	}
 	if ( $update ) {
-		$user->rich_editing = isset( $_POST['rich_editing'] ) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';
+		$user->rich_editing         = isset( $_POST['rich_editing'] ) && 'false' === $_POST['rich_editing'] ? 'false' : 'true';
-		$user->syntax_highlighting = isset( $_POST['syntax_highlighting'] ) && 'false' === $_POST['syntax_highlighting'] ? 'false' : 'true';
+		$user->syntax_highlighting  = isset( $_POST['syntax_highlighting'] ) && 'false' === $_POST['syntax_highlighting'] ? 'false' : 'true';
-		$user->admin_color = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
+		$user->admin_color          = isset( $_POST['admin_color'] ) ? sanitize_text_field( $_POST['admin_color'] ) : 'fresh';
 		$user->show_admin_bar_front = isset( $_POST['admin_bar_front'] ) ? 'true' : 'false';
-		$user->locale = '';
+		$user->locale               = '';
 		if ( isset( $_POST['locale'] ) ) {
 			$locale = sanitize_text_field( $_POST['locale'] );
 			if ( 'site-default' === $locale ) {
 				$locale = '';
 	}
 	$user->comment_shortcuts = isset( $_POST['comment_shortcuts'] ) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
 	$user->use_ssl = 0;
-	if ( !empty($_POST['use_ssl']) )
+	if ( ! empty( $_POST['use_ssl'] ) ) {
 		$user->use_ssl = 1;
+	}
 	$errors = new WP_Error();
 	/* checking that username has been typed */
-	if ( $user->user_login == '' )
+	if ( $user->user_login == '' ) {
 		$errors->add( 'user_login', __( '<strong>ERROR</strong>: Please enter a username.' ) );
+	}
 	/* checking that nickname has been typed */
 	if ( $update && empty( $user->nickname ) ) {
 		$errors->add( 'nickname', __( '<strong>ERROR</strong>: Please enter a nickname.' ) );
 	}
 	if ( ! $update && empty( $pass1 ) ) {
 		$errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter a password.' ), array( 'form-field' => 'pass1' ) );
 	}
 	// Check for "\" in password.
-	if ( false !== strpos( wp_unslash( $pass1 ), "\\" ) ) {
+	if ( false !== strpos( wp_unslash( $pass1 ), '\\' ) ) {
 		$errors->add( 'pass', __( '<strong>ERROR</strong>: Passwords may not contain the character "\\".' ), array( 'form-field' => 'pass1' ) );
 	}
 	// Checking the password has been typed twice the same.
 	if ( ( $update || ! empty( $pass1 ) ) && $pass1 != $pass2 ) {
 		$errors->add( 'pass', __( '<strong>ERROR</strong>: Please enter the same password in both password fields.' ), array( 'form-field' => 'pass1' ) );
 	}
-	if ( !empty( $pass1 ) )
+	if ( ! empty( $pass1 ) ) {
 		$user->user_pass = $pass1;
+	}
-	if ( !$update && isset( $_POST['user_login'] ) && !validate_username( $_POST['user_login'] ) )
-		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ));
+	if ( ! $update && isset( $_POST['user_login'] ) && ! validate_username( $_POST['user_login'] ) ) {
+		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.' ) );
-	if ( !$update && username_exists( $user->user_login ) )
+	}
-		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ));
+	if ( ! $update && username_exists( $user->user_login ) ) {
+		$errors->add( 'user_login', __( '<strong>ERROR</strong>: This username is already registered. Please choose another one.' ) );
+	}
 	/** This filter is documented in wp-includes/user.php */
 	$illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
 	if ( in_array( strtolower( $user->user_login ), array_map( 'strtolower', $illegal_logins ) ) ) {
 	}
 	/* checking email address */
 	if ( empty( $user->user_email ) ) {
 		$errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please enter an email address.' ), array( 'form-field' => 'email' ) );
-	} elseif ( !is_email( $user->user_email ) ) {
+	} elseif ( ! is_email( $user->user_email ) ) {
 		$errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ), array( 'form-field' => 'email' ) );
-	} elseif ( ( $owner_id = email_exists($user->user_email) ) && ( !$update || ( $owner_id != $user->ID ) ) ) {
+	} elseif ( ( $owner_id = email_exists( $user->user_email ) ) && ( ! $update || ( $owner_id != $user->ID ) ) ) {
-		$errors->add( 'email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array( 'form-field' => 'email' ) );
+		$errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ), array( 'form-field' => 'email' ) );
 	}
 	/**
 	 * Fires before user profile update errors are returned.
 	 *
 	 * @param bool     $update  Whether this is a user update.
 	 * @param stdClass $user   User object (passed by reference).
 	 */
 	do_action_ref_array( 'user_profile_update_errors', array( &$errors, $update, &$user ) );
-	if ( $errors->get_error_codes() )
+	if ( $errors->has_errors() ) {
 		return $errors;
+	}
 	if ( $update ) {
 		$user_id = wp_update_user( $user );
 	} else {
 		$user_id = wp_insert_user( $user );
 		$notify  = isset( $_POST['send_user_notification'] ) ? 'both' : 'admin';
 		/**
-		  * Fires after a new user has been created.
+		 * Fires after a new user has been created.
-		  *
+		 *
-		  * @since 4.4.0
+		 * @since 4.4.0
-		  *
+		 *
-		  * @param int    $user_id ID of the newly created user.
+		 * @param int    $user_id ID of the newly created user.
-		  * @param string $notify  Type of notification that should happen. See wp_send_new_user_notifications()
+		 * @param string $notify  Type of notification that should happen. See wp_send_new_user_notifications()
-		  *                        for more information on possible values.
+		 *                        for more information on possible values.
-		  */
+		 */
 		do_action( 'edit_user_created_user', $user_id, $notify );
 	}
 	return $user_id;
 }
 /**
 * Fetch a filtered list of user roles that the current user is
 * allowed to edit.
 *
-* Simple function who's main purpose is to allow filtering of the
+* Simple function whose main purpose is to allow filtering of the
 * list of roles in the $wp_roles object so that plugins can remove
 * inappropriate ones depending on the situation or user making edits.
 * Specifically because without filtering anyone with the edit_users
 * capability can edit others to be administrators, even if they are
 * only editors or authors. This filter allows admins to delegate
 * user management.
 *
 * @since 2.8.0
 *
-* @return array
+* @return array[] Array of arrays containing role information.
 */
 function get_editable_roles() {
 	$all_roles = wp_roles()->roles;
 	/**
 	 * Filters the list of editable roles.
 	 *
 	 * @since 2.8.0
 	 *
-	 * @param array $all_roles List of roles.
+	 * @param array[] $all_roles Array of arrays containing role information.
 	 */
 	$editable_roles = apply_filters( 'editable_roles', $all_roles );
 	return $editable_roles;
 }
 * @return WP_User|bool WP_User object on success, false on failure.
 */
 function get_user_to_edit( $user_id ) {
 	$user = get_userdata( $user_id );
-	if ( $user )
+	if ( $user ) {
 		$user->filter = 'edit';
+	}
 	return $user;
 }
 /**
 * @param int $user_id User ID.
 * @return array
 */
 function get_users_drafts( $user_id ) {
 	global $wpdb;
-	$query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id);
+	$query = $wpdb->prepare( "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id );
 	/**
 	 * Filters the user's drafts query string.
 	 *
 	 * @since 2.0.0
 	if ( ! is_numeric( $id ) ) {
 		return false;
 	}
-	$id = (int) $id;
+	$id   = (int) $id;
 	$user = new WP_User( $id );
-	if ( !$user->exists() )
+	if ( ! $user->exists() ) {
 		return false;
+	}
 	// Normalize $reassign to null or a user ID. 'novalue' was an older default.
 	if ( 'novalue' === $reassign ) {
 		$reassign = null;
 	} elseif ( null !== $reassign ) {
 		/**
 		 * Filters the list of post types to delete with a user.
 		 *
 		 * @since 3.4.0
 		 *
-		 * @param array $post_types_to_delete Post types to delete.
+		 * @param string[] $post_types_to_delete Array of post types to delete.
-		 * @param int   $id                   User ID.
+		 * @param int      $id                   User ID.
 		 */
 		$post_types_to_delete = apply_filters( 'post_types_to_delete_with_user', $post_types_to_delete, $id );
 		$post_types_to_delete = implode( "', '", $post_types_to_delete );
-		$post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_type IN ('$post_types_to_delete')", $id ) );
+		$post_ids             = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d AND post_type IN ('$post_types_to_delete')", $id ) );
 		if ( $post_ids ) {
-			foreach ( $post_ids as $post_id )
+			foreach ( $post_ids as $post_id ) {
 				wp_delete_post( $post_id );
+			}
 		}
 		// Clean links
-		$link_ids = $wpdb->get_col( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id) );
+		$link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id ) );
 		if ( $link_ids ) {
-			foreach ( $link_ids as $link_id )
+			foreach ( $link_ids as $link_id ) {
-				wp_delete_link($link_id);
+				wp_delete_link( $link_id );
+			}
 		}
 	} else {
 		$post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id ) );
-		$wpdb->update( $wpdb->posts, array('post_author' => $reassign), array('post_author' => $id) );
+		$wpdb->update( $wpdb->posts, array( 'post_author' => $reassign ), array( 'post_author' => $id ) );
 		if ( ! empty( $post_ids ) ) {
-			foreach ( $post_ids as $post_id )
+			foreach ( $post_ids as $post_id ) {
 				clean_post_cache( $post_id );
-		}
+			}
-		$link_ids = $wpdb->get_col( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id) );
+		}
-		$wpdb->update( $wpdb->links, array('link_owner' => $reassign), array('link_owner' => $id) );
+		$link_ids = $wpdb->get_col( $wpdb->prepare( "SELECT link_id FROM $wpdb->links WHERE link_owner = %d", $id ) );
+		$wpdb->update( $wpdb->links, array( 'link_owner' => $reassign ), array( 'link_owner' => $id ) );
 		if ( ! empty( $link_ids ) ) {
-			foreach ( $link_ids as $link_id )
+			foreach ( $link_ids as $link_id ) {
 				clean_bookmark_cache( $link_id );
+			}
 		}
 	}
 	// FINALLY, delete user
 	if ( is_multisite() ) {
 		remove_user_from_blog( $id, get_current_blog_id() );
 	} else {
 		$meta = $wpdb->get_col( $wpdb->prepare( "SELECT umeta_id FROM $wpdb->usermeta WHERE user_id = %d", $id ) );
-		foreach ( $meta as $mid )
+		foreach ( $meta as $mid ) {
 			delete_metadata_by_mid( 'user', $mid );
+		}
 		$wpdb->delete( $wpdb->users, array( 'ID' => $id ) );
 	}
 	clean_user_cache( $user );
 *
 * @since 2.1.0
 *
 * @param int $id User ID.
 */
-function wp_revoke_user($id) {
+function wp_revoke_user( $id ) {
 	$id = (int) $id;
-	$user = new WP_User($id);
+	$user = new WP_User( $id );
 	$user->remove_all_caps();
 }
 /**
 * @since 2.8.0
 *
 * @global int $user_ID
 *
 * @param false $errors Deprecated.
 */
-function default_password_nag_handler($errors = false) {
+function default_password_nag_handler( $errors = false ) {
 	global $user_ID;
 	// Short-circuit it.
-	if ( ! get_user_option('default_password_nag') )
+	if ( ! get_user_option( 'default_password_nag' ) ) {
 		return;
+	}
 	// get_user_setting = JS saved UI setting. else no-js-fallback code.
-	if ( 'hide' == get_user_setting('default_password_nag') || isset($_GET['default_password_nag']) && '0' == $_GET['default_password_nag'] ) {
+	if ( 'hide' == get_user_setting( 'default_password_nag' ) || isset( $_GET['default_password_nag'] ) && '0' == $_GET['default_password_nag'] ) {
-		delete_user_setting('default_password_nag');
+		delete_user_setting( 'default_password_nag' );
-		update_user_option($user_ID, 'default_password_nag', false, true);
+		update_user_option( $user_ID, 'default_password_nag', false, true );
 	}
 }
 /**
 * @since 2.8.0
 *
 * @param int    $user_ID
 * @param object $old_data
 */
-function default_password_nag_edit_user($user_ID, $old_data) {
+function default_password_nag_edit_user( $user_ID, $old_data ) {
 	// Short-circuit it.
-	if ( ! get_user_option('default_password_nag', $user_ID) )
+	if ( ! get_user_option( 'default_password_nag', $user_ID ) ) {
 		return;
+	}
-	$new_data = get_userdata($user_ID);
+	$new_data = get_userdata( $user_ID );
 	// Remove the nag if the password has been changed.
 	if ( $new_data->user_pass != $old_data->user_pass ) {
-		delete_user_setting('default_password_nag');
+		delete_user_setting( 'default_password_nag' );
-		update_user_option($user_ID, 'default_password_nag', false, true);
+		update_user_option( $user_ID, 'default_password_nag', false, true );
 	}
 }
 /**
 * @since 2.8.0
 * @global string $pagenow
 */
 function default_password_nag() {
 	global $pagenow;
 	// Short-circuit it.
-	if ( 'profile.php' == $pagenow || ! get_user_option('default_password_nag') )
+	if ( 'profile.php' == $pagenow || ! get_user_option( 'default_password_nag' ) ) {
 		return;
+	}
 	echo '<div class="error default-password-nag">';
 	echo '<p>';
-	echo '<strong>' . __('Notice:') . '</strong> ';
+	echo '<strong>' . __( 'Notice:' ) . '</strong> ';
-	_e('You&rsquo;re using the auto-generated password for your account. Would you like to change it?');
+	_e( 'You&rsquo;re using the auto-generated password for your account. Would you like to change it?' );
 	echo '</p><p>';
-	printf( '<a href="%s">' . __('Yes, take me to my profile page') . '</a> | ', get_edit_profile_url() . '#password' );
+	printf( '<a href="%s">' . __( 'Yes, take me to my profile page' ) . '</a> | ', get_edit_profile_url() . '#password' );
-	printf( '<a href="%s" id="default-password-nag-no">' . __('No thanks, do not remind me again') . '</a>', '?default_password_nag=0' );
+	printf( '<a href="%s" id="default-password-nag-no">' . __( 'No thanks, do not remind me again' ) . '</a>', '?default_password_nag=0' );
 	echo '</p></div>';
 }
 /**
 * @since 3.5.0
 * @access private
 */
-function delete_users_add_js() { ?>
+function delete_users_add_js() {
+	?>
 <script>
 jQuery(document).ready( function($) {
 	var submit = $('#submit').prop('disabled', true);
 	$('input[name="delete_option"]').one('change', function() {
 		submit.prop('disabled', false);
 	$('#reassign_user').focus( function() {
 		$('#delete_option1').prop('checked', true).trigger('change');
 	});
 });
 </script>
-<?php
+	<?php
 }
 /**
 * Optional SSL preference that can be turned on by hooking to the 'personal_options' action.
 *
 * See the {@see 'personal_options'} action.
 *
 * @since 2.7.0
 *
-* @param object $user User data object
+* @param object $user User data object.
 */
-function use_ssl_preference($user) {
+function use_ssl_preference( $user ) {
-?>
+	?>
 	<tr class="user-use-ssl-wrap">
-		<th scope="row"><?php _e('Use https')?></th>
+		<th scope="row"><?php _e( 'Use https' ); ?></th>
-		<td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked('1', $user->use_ssl); ?> /> <?php _e('Always use https when visiting the admin'); ?></label></td>
+		<td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked( '1', $user->use_ssl ); ?> /> <?php _e( 'Always use https when visiting the admin' ); ?></label></td>
 	</tr>
-<?php
+	<?php
 }
 /**
-*
 * @param string $text
 * @return string
 */
 function admin_created_user_email( $text ) {
 	$roles = get_editable_roles();
-	$role = $roles[ $_REQUEST['role'] ];
+	$role  = $roles[ $_REQUEST['role'] ];
-	/* translators: 1: Site name, 2: site URL, 3: role */
+	/* translators: 1: site name, 2: site URL, 3: role */
-	return sprintf( __( 'Hi,
+	return sprintf(
+		__(
+			'Hi,
 You\'ve been invited to join \'%1$s\' at
 %2$s with the role of %3$s.
 If you do not want to join this site please ignore
 this email. This invitation will expire in a few days.
 Please click the following link to activate your user account:
-%%s' ), wp_specialchars_decode( get_bloginfo( 'name' ), ENT_QUOTES ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ) );
+%%s'
+		),
+		wp_specialchars_decode( get_bloginfo( 'name' ), ENT_QUOTES ),
+		home_url(),
+		wp_specialchars_decode( translate_user_role( $role['name'] ) )
+	);
 }
 /**
 * Resend an existing request and return the result.
 *
 *
 * @since 4.9.6
 * @access private
 *
 * @param  int          $request_id Request ID.
-* @return int|WP_Error $request    Request ID on success or WP_Error.
+* @return int|WP_Error $result Request ID on success or WP_Error.
 */
 function _wp_privacy_completed_request( $request_id ) {
-	$request_id   = absint( $request_id );
+	$request_id = absint( $request_id );
-	$request_data = wp_get_user_request_data( $request_id );
+	$request    = wp_get_user_request_data( $request_id );
-	if ( ! $request_data ) {
+	if ( ! $request ) {
 		return new WP_Error( 'privacy_request_error', __( 'Invalid request.' ) );
 	}
 	update_post_meta( $request_id, '_wp_user_request_completed_timestamp', time() );
-	$request = wp_update_post( array(
+	$result = wp_update_post(
-		'ID'          => $request_id,
+		array(
-		'post_status' => 'request-completed',
+			'ID'          => $request_id,
-	) );
+			'post_status' => 'request-completed',
+		)
-	return $request;
+	);
+	return $result;
 }
 /**
 * Handle list table actions.
 *
 * @since 4.9.6
 * @access private
 */
 function _wp_personal_data_cleanup_requests() {
 	/** This filter is documented in wp-includes/user.php */
-	$expires        = (int) apply_filters( 'user_request_key_expiration', DAY_IN_SECONDS );
+	$expires = (int) apply_filters( 'user_request_key_expiration', DAY_IN_SECONDS );
-	$requests_query = new WP_Query( array(
+	$requests_query = new WP_Query(
-		'post_type'      => 'user_request',
+		array(
-		'posts_per_page' => -1,
+			'post_type'      => 'user_request',
-		'post_status'    => 'request-pending',
+			'posts_per_page' => -1,
-		'fields'         => 'ids',
+			'post_status'    => 'request-pending',
-		'date_query'     => array(
+			'fields'         => 'ids',
+			'date_query'     => array(
+				array(
+					'column' => 'post_modified_gmt',
+					'before' => $expires . ' seconds ago',
+				),
+			),
+		)
+	);
+	$request_ids = $requests_query->posts;
+	foreach ( $request_ids as $request_id ) {
+		wp_update_post(
 			array(
-				'column' => 'post_modified_gmt',
+				'ID'            => $request_id,
-				'before' => $expires . ' seconds ago',
+				'post_status'   => 'request-failed',
-			),
+				'post_password' => '',
-		),
+			)
-	) );
+		);
-	$request_ids = $requests_query->posts;
-	foreach ( $request_ids as $request_id ) {
-		wp_update_post( array(
-			'ID'            => $request_id,
-			'post_status'   => 'request-failed',
-			'post_password' => '',
-		) );
 	}
 }
 /**
 * Personal data export.
 	_wp_personal_data_cleanup_requests();
 	// "Borrow" xfn.js for now so we don't have to create new files.
 	wp_enqueue_script( 'xfn' );
-	$requests_table = new WP_Privacy_Data_Export_Requests_Table( array(
+	$requests_table = new WP_Privacy_Data_Export_Requests_Table(
-		'plural'   => 'privacy_requests',
+		array(
-		'singular' => 'privacy_request',
+			'plural'   => 'privacy_requests',
-	) );
+			'singular' => 'privacy_request',
+			'screen'   => 'export_personal_data',
+		)
+	);
+	$requests_table->screen->set_screen_reader_content(
+		array(
+			'heading_views'      => __( 'Filter export personal data list' ),
+			'heading_pagination' => __( 'Export personal data list navigation' ),
+			'heading_list'       => __( 'Export personal data list' ),
+		)
+	);
 	$requests_table->process_bulk_action();
 	$requests_table->prepare_items();
 	?>
 	<div class="wrap nosubsub">
 		<h1><?php esc_html_e( 'Export Personal Data' ); ?></h1>
 		<hr class="wp-header-end" />
 		<?php settings_errors(); ?>
-		<form method="post" class="wp-privacy-request-form">
+		<form action="<?php echo esc_url( admin_url( 'tools.php?page=export_personal_data' ) ); ?>" method="post" class="wp-privacy-request-form">
 			<h2><?php esc_html_e( 'Add Data Export Request' ); ?></h2>
 			<p><?php esc_html_e( 'An email will be sent to the user at this email address asking them to verify the request.' ); ?></p>
 			<div class="wp-privacy-request-form-field">
 				<label for="username_or_email_for_privacy_request"><?php esc_html_e( 'Username or email address' ); ?></label>
 	_wp_personal_data_cleanup_requests();
 	// "Borrow" xfn.js for now so we don't have to create new files.
 	wp_enqueue_script( 'xfn' );
-	$requests_table = new WP_Privacy_Data_Removal_Requests_Table( array(
+	$requests_table = new WP_Privacy_Data_Removal_Requests_Table(
-		'plural'   => 'privacy_requests',
+		array(
-		'singular' => 'privacy_request',
+			'plural'   => 'privacy_requests',
-	) );
+			'singular' => 'privacy_request',
+			'screen'   => 'remove_personal_data',
+		)
+	);
+	$requests_table->screen->set_screen_reader_content(
+		array(
+			'heading_views'      => __( 'Filter erase personal data list' ),
+			'heading_pagination' => __( 'Erase personal data list navigation' ),
+			'heading_list'       => __( 'Erase personal data list' ),
+		)
+	);
 	$requests_table->process_bulk_action();
 	$requests_table->prepare_items();
 	?>
 		<h1><?php esc_html_e( 'Erase Personal Data' ); ?></h1>
 		<hr class="wp-header-end" />
 		<?php settings_errors(); ?>
-		<form method="post" class="wp-privacy-request-form">
+		<form action="<?php echo esc_url( admin_url( 'tools.php?page=remove_personal_data' ) ); ?>" method="post" class="wp-privacy-request-form">
 			<h2><?php esc_html_e( 'Add Data Erasure Request' ); ?></h2>
 			<p><?php esc_html_e( 'An email will be sent to the user at this email address asking them to verify the request.' ); ?></p>
 			<div class="wp-privacy-request-form-field">
 				<label for="username_or_email_for_privacy_request"><?php esc_html_e( 'Username or email address' ); ?></label>
 * @since 4.9.8
 * @access private
 */
 function _wp_privacy_requests_screen_options() {
 	$args = array(
-		'option'  => str_replace( 'tools_page_', '', get_current_screen()->id ) . '_requests_per_page',
+		'option' => str_replace( 'tools_page_', '', get_current_screen()->id ) . '_requests_per_page',
 	);
 	add_screen_option( 'per_page', $args );
 }
 // TODO: move the following classes in new files.
 	 * @since 4.9.6
 	 *
 	 * @return array Default sortable columns.
 	 */
 	protected function get_sortable_columns() {
-		return array();
+		// The initial sorting is by 'Requested' (post_date) and descending.
+		// With initial sorting, the first click on 'Requested' should be ascending.
+		// With 'Requester' sorting active, the next click on 'Requested' should be descending.
+		$desc_first = isset( $_GET['orderby'] );
+		return array(
+			'email'             => 'requester',
+			'created_timestamp' => array( 'requested', $desc_first ),
+		);
 	}
 	/**
 	 * Default primary column.
 	 *
 		$current_status = isset( $_REQUEST['filter-status'] ) ? sanitize_text_field( $_REQUEST['filter-status'] ) : '';
 		$statuses       = _wp_privacy_statuses();
 		$views          = array();
 		$admin_url      = admin_url( 'tools.php?page=' . $this->request_type );
 		$counts         = $this->get_request_counts();
+		$total_requests = absint( array_sum( (array) $counts ) );
 		$current_link_attributes = empty( $current_status ) ? ' class="current" aria-current="page"' : '';
-		$views['all']            = '<a href="' . esc_url( $admin_url ) . "\" $current_link_attributes>" . esc_html__( 'All' ) . ' (' . absint( array_sum( (array) $counts ) ) . ')</a>';
+		$status_label            = sprintf(
+			/* translators: %s: all requests count */
+			_nx(
+				'All <span class="count">(%s)</span>',
+				'All <span class="count">(%s)</span>',
+				$total_requests,
+				'requests'
+			),
+			number_format_i18n( $total_requests )
+		);
+		$views['all'] = sprintf(
+			'<a href="%s"%s>%s</a>',
+			esc_url( $admin_url ),
+			$current_link_attributes,
+			$status_label
+		);
 		foreach ( $statuses as $status => $label ) {
+			$post_status = get_post_status_object( $status );
+			if ( ! $post_status ) {
+				continue;
+			}
 			$current_link_attributes = $status === $current_status ? ' class="current" aria-current="page"' : '';
-			$views[ $status ]        = '<a href="' . esc_url( add_query_arg( 'filter-status', $status, $admin_url ) ) . "\" $current_link_attributes>" . esc_html( $label ) . ' (' . absint( $counts->$status ) . ')</a>';
+			$total_status_requests   = absint( $counts->{$status} );
+			$status_label            = sprintf(
+				translate_nooped_plural( $post_status->label_count, $total_status_requests ),
+				number_format_i18n( $total_status_requests )
+			);
+			$status_link             = add_query_arg( 'filter-status', $status, $admin_url );
+			$views[ $status ] = sprintf(
+				'<a href="%s"%s>%s</a>',
+				esc_url( $status_link ),
+				$current_link_attributes,
+				$status_label
+			);
 		}
 		return $views;
 	}
 	 * @since 4.9.6
 	 */
 	public function process_bulk_action() {
 		$action      = $this->current_action();
 		$request_ids = isset( $_REQUEST['request_id'] ) ? wp_parse_id_list( wp_unslash( $_REQUEST['request_id'] ) ) : array();
-		$count       = 0;
+		$count = 0;
 		if ( $request_ids ) {
 			check_admin_referer( 'bulk-privacy_requests' );
 		}
 	/**
 	 * Prepare items to output.
 	 *
 	 * @since 4.9.6
+	 * @since 5.1.0 Added support for column sorting.
 	 */
 	public function prepare_items() {
 		global $wpdb;
-		$primary               = $this->get_primary_column_name();
-		$this->_column_headers = array(
-			$this->get_columns(),
-			array(),
-			$this->get_sortable_columns(),
-			$primary,
-		);
 		$this->items    = array();
 		$posts_per_page = $this->get_items_per_page( $this->request_type . '_requests_per_page' );
 		$args           = array(
 			'post_type'      => $this->post_type,
 			'offset'         => isset( $_REQUEST['paged'] ) ? max( 0, absint( $_REQUEST['paged'] ) - 1 ) * $posts_per_page : 0,
 			'post_status'    => 'any',
 			's'              => isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '',
 		);
+		$orderby_mapping = array(
+			'requester' => 'post_title',
+			'requested' => 'post_date',
+		);
+		if ( isset( $_REQUEST['orderby'] ) && isset( $orderby_mapping[ $_REQUEST['orderby'] ] ) ) {
+			$args['orderby'] = $orderby_mapping[ $_REQUEST['orderby'] ];
+		}
+		if ( isset( $_REQUEST['order'] ) && in_array( strtoupper( $_REQUEST['order'] ), array( 'ASC', 'DESC' ), true ) ) {
+			$args['order'] = strtoupper( $_REQUEST['order'] );
+		}
 		if ( ! empty( $_REQUEST['filter-status'] ) ) {
 			$filter_status       = isset( $_REQUEST['filter-status'] ) ? sanitize_text_field( $_REQUEST['filter-status'] ) : '';
 			$args['post_status'] = $filter_status;
 		}
 	protected function get_timestamp_as_date( $timestamp ) {
 		if ( empty( $timestamp ) ) {
 			return '';
 		}
-		$time_diff = current_time( 'timestamp', true ) - $timestamp;
+		$time_diff = time() - $timestamp;
 		if ( $time_diff >= 0 && $time_diff < DAY_IN_SECONDS ) {
 			/* translators: human readable timestamp */
 			return sprintf( __( '%s ago' ), human_time_diff( $timestamp ) );
 		}
 			'">';
 		$download_data_markup .= '<span class="export-personal-data-idle"><button type="button" class="button-link export-personal-data-handle">' . __( 'Download Personal Data' ) . '</button></span>' .
 			'<span style="display:none" class="export-personal-data-processing" >' . __( 'Downloading Data...' ) . '</span>' .
 			'<span style="display:none" class="export-personal-data-success"><button type="button" class="button-link export-personal-data-handle">' . __( 'Download Personal Data Again' ) . '</button></span>' .
-			'<span style="display:none" class="export-personal-data-failed">' . __( 'Download has failed.' ) . ' <button type="button" class="button-link">' . __( 'Retry' ) . '</button></span>';
+			'<span style="display:none" class="export-personal-data-failed">' . __( 'Download failed.' ) . ' <button type="button" class="button-link">' . __( 'Retry' ) . '</button></span>';
 		$download_data_markup .= '</div>';
 		$row_actions = array(
 			'download-data' => $download_data_markup,
 					'data-request-id="' . esc_attr( $request_id ) . '" ' .
 					'data-nonce="' . esc_attr( $nonce ) .
 					'">';
 				?>
-				<span class="export-personal-data-idle"><button type="button" class="button export-personal-data-handle"><?php _e( 'Email Data' ); ?></button></span>
+				<span class="export-personal-data-idle"><button type="button" class="button export-personal-data-handle"><?php _e( 'Send Export Link' ); ?></button></span>
 				<span style="display:none" class="export-personal-data-processing button updating-message" ><?php _e( 'Sending Email...' ); ?></span>
 				<span style="display:none" class="export-personal-data-success success-message" ><?php _e( 'Email sent.' ); ?></span>
 				<span style="display:none" class="export-personal-data-failed"><?php _e( 'Email could not be sent.' ); ?> <button type="button" class="button export-personal-data-handle"><?php _e( 'Retry' ); ?></button></span>
 				<?php
 				break;
 			case 'request-failed':
 				submit_button( __( 'Retry' ), 'secondary', 'privacy_action_email_retry[' . $item->ID . ']', false );
 				break;
 			case 'request-completed':
-				echo '<a href="' . esc_url( wp_nonce_url( add_query_arg( array(
+				echo '<a href="' . esc_url(
-					'action'     => 'delete',
+					wp_nonce_url(
-					'request_id' => array( $item->ID ),
+						add_query_arg(
-				), admin_url( 'tools.php?page=export_personal_data' ) ), 'bulk-privacy_requests' ) ) . '" class="button">' . esc_html__( 'Remove request' ) . '</a>';
+							array(
+								'action'     => 'delete',
+								'request_id' => array( $item->ID ),
+							),
+							admin_url( 'tools.php?page=export_personal_data' )
+						),
+						'bulk-privacy_requests'
+					)
+				) . '" class="button">' . esc_html__( 'Remove request' ) . '</a>';
 				break;
 		}
 	}
 }
 				break;
 			case 'request-failed':
 				submit_button( __( 'Retry' ), 'secondary', 'privacy_action_email_retry[' . $item->ID . ']', false );
 				break;
 			case 'request-completed':
-				echo '<a href="' . esc_url( wp_nonce_url( add_query_arg( array(
+				echo '<a href="' . esc_url(
-					'action'     => 'delete',
+					wp_nonce_url(
-					'request_id' => array( $item->ID ),
+						add_query_arg(
-				), admin_url( 'tools.php?page=remove_personal_data' ) ), 'bulk-privacy_requests' ) ) . '" class="button">' . esc_html__( 'Remove request' ) . '</a>';
+							array(
+								'action'     => 'delete',
+								'request_id' => array( $item->ID ),
+							),
+							admin_url( 'tools.php?page=remove_personal_data' )
+						),
+						'bulk-privacy_requests'
+					)
+				) . '" class="button">' . esc_html__( 'Remove request' ) . '</a>';
 				break;
 		}
 	}
 }

changeset 9	177826044cd9
parent 7	cf61fcea0001
child 16	a86126ab1dd4