diff -r 48c4eec2b7e6 -r 8c2e4d02f4ef wp/wp-includes/ms-functions.php --- a/wp/wp-includes/ms-functions.php Fri Sep 05 18:40:08 2025 +0200 +++ b/wp/wp-includes/ms-functions.php Fri Sep 05 18:52:52 2025 +0200 @@ -71,18 +71,26 @@ } } - if ( ( ! is_object( $primary ) ) || ( 1 == $primary->archived || 1 == $primary->spam || 1 == $primary->deleted ) ) { + if ( ( ! is_object( $primary ) ) + || ( '1' === $primary->archived || '1' === $primary->spam || '1' === $primary->deleted ) + ) { $blogs = get_blogs_of_user( $user_id, true ); // If a user's primary blog is shut down, check their other blogs. $ret = false; + if ( is_array( $blogs ) && count( $blogs ) > 0 ) { + $current_network_id = get_current_network_id(); + foreach ( (array) $blogs as $blog_id => $blog ) { - if ( get_current_network_id() != $blog->site_id ) { + if ( $blog->site_id !== $current_network_id ) { continue; } + $details = get_site( $blog_id ); - if ( is_object( $details ) && 0 == $details->archived && 0 == $details->spam && 0 == $details->deleted ) { + if ( is_object( $details ) + && '0' === $details->archived && '0' === $details->spam && '0' === $details->deleted + ) { $ret = $details; - if ( get_user_meta( $user_id, 'primary_blog', true ) != $blog_id ) { + if ( (int) get_user_meta( $user_id, 'primary_blog', true ) !== $blog_id ) { update_user_meta( $user_id, 'primary_blog', $blog_id ); } if ( ! get_user_meta( $user_id, 'source_domain', true ) ) { @@ -94,6 +102,7 @@ } else { return; } + return $ret; } else { return $primary; @@ -230,8 +239,10 @@ function remove_user_from_blog( $user_id, $blog_id = 0, $reassign = 0 ) { global $wpdb; + $user_id = (int) $user_id; + $blog_id = (int) $blog_id; + switch_to_blog( $blog_id ); - $user_id = (int) $user_id; /** * Fires before a user is removed from a site. @@ -249,13 +260,13 @@ * If being removed from the primary blog, set a new primary * if the user is assigned to multiple blogs. */ - $primary_blog = get_user_meta( $user_id, 'primary_blog', true ); - if ( $primary_blog == $blog_id ) { + $primary_blog = (int) get_user_meta( $user_id, 'primary_blog', true ); + if ( $primary_blog === $blog_id ) { $new_id = ''; $new_domain = ''; $blogs = get_blogs_of_user( $user_id ); foreach ( (array) $blogs as $blog ) { - if ( $blog->userblog_id == $blog_id ) { + if ( $blog->userblog_id === $blog_id ) { continue; } $new_id = $blog->userblog_id; @@ -341,7 +352,7 @@ $path = strtolower( $path ); $id = wp_cache_get( md5( $domain . $path ), 'blog-id-cache' ); - if ( -1 == $id ) { // Blog does not exist. + if ( -1 === $id ) { // Blog does not exist. return 0; } elseif ( $id ) { return (int) $id; @@ -462,7 +473,7 @@ $orig_username = $user_name; $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); - if ( $user_name != $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) { + if ( $user_name !== $orig_username || preg_match( '/[^a-z0-9]/', $user_name ) ) { $errors->add( 'user_name', __( 'Usernames can only contain lowercase letters (a-z) and numbers.' ) ); $user_name = $orig_username; } @@ -474,10 +485,12 @@ } $illegal_names = get_site_option( 'illegal_names' ); + if ( ! is_array( $illegal_names ) ) { $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); add_site_option( 'illegal_names', $illegal_names ); } + if ( in_array( $user_name, $illegal_names, true ) ) { $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) ); } @@ -509,10 +522,12 @@ } $limited_email_domains = get_site_option( 'limited_email_domains' ); + if ( is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) { $limited_email_domains = array_map( 'strtolower', $limited_email_domains ); - $emaildomain = strtolower( substr( $user_email, 1 + strpos( $user_email, '@' ) ) ); - if ( ! in_array( $emaildomain, $limited_email_domains, true ) ) { + $email_domain = strtolower( substr( $user_email, 1 + strpos( $user_email, '@' ) ) ); + + if ( ! in_array( $email_domain, $limited_email_domains, true ) ) { $errors->add( 'user_email', __( 'Sorry, that email address is not allowed!' ) ); } } @@ -630,7 +645,8 @@ $errors = new WP_Error(); $illegal_names = get_site_option( 'illegal_names' ); - if ( false == $illegal_names ) { + + if ( ! is_array( $illegal_names ) ) { $illegal_names = array( 'www', 'web', 'root', 'admin', 'main', 'invite', 'administrator' ); add_site_option( 'illegal_names', $illegal_names ); } @@ -714,7 +730,7 @@ * unless it's the user's own username. */ if ( username_exists( $blogname ) ) { - if ( ! is_object( $user ) || ( is_object( $user ) && ( $user->user_login != $blogname ) ) ) { + if ( ! is_object( $user ) || ( is_object( $user ) && $user->user_login !== $blogname ) ) { $errors->add( 'blogname', __( 'Sorry, that site is reserved!' ) ); } } @@ -922,7 +938,16 @@ * @param array $meta Optional. Signup meta data. By default, contains the requested privacy setting and lang_id. * @return bool */ -function wpmu_signup_blog_notification( $domain, $path, $title, $user_login, $user_email, $key, $meta = array() ) { +function wpmu_signup_blog_notification( + $domain, + $path, + $title, + $user_login, + $user_email, + #[\SensitiveParameter] + $key, + $meta = array() +) { /** * Filters whether to bypass the new site email notification. * @@ -941,7 +966,7 @@ } // Send email with activation link. - if ( ! is_subdomain_install() || get_current_network_id() != 1 ) { + if ( ! is_subdomain_install() || get_current_network_id() !== 1 ) { $activate_url = network_site_url( "wp-activate.php?key=$key" ); } else { $activate_url = "http://{$domain}{$path}wp-activate.php?key=$key"; // @todo Use *_url() API. @@ -1057,7 +1082,13 @@ * @param array $meta Optional. Signup meta data. Default empty array. * @return bool */ -function wpmu_signup_user_notification( $user_login, $user_email, $key, $meta = array() ) { +function wpmu_signup_user_notification( + $user_login, + $user_email, + #[\SensitiveParameter] + $key, + $meta = array() +) { /** * Filters whether to bypass the email notification for new user sign-up. * @@ -1159,7 +1190,10 @@ * @param string $key The activation key provided to the user. * @return array|WP_Error An array containing information about the activated user and/or blog. */ -function wpmu_activate_signup( $key ) { +function wpmu_activate_signup( + #[\SensitiveParameter] + $key +) { global $wpdb; $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE activation_key = %s", $key ) ); @@ -1311,7 +1345,12 @@ * @param string $email The new user's email address. * @return int|false Returns false on failure, or int $user_id on success. */ -function wpmu_create_user( $user_name, $password, $email ) { +function wpmu_create_user( + $user_name, + #[\SensitiveParameter] + $password, + $email +) { $user_name = preg_replace( '/\s+/', '', sanitize_user( $user_name, true ) ); $user_id = wp_create_user( $user_name, $password, $email ); @@ -1433,7 +1472,7 @@ $email = get_site_option( 'admin_email' ); - if ( is_email( $email ) == false ) { + if ( ! is_email( $email ) ) { return false; } @@ -1494,7 +1533,7 @@ $email = get_site_option( 'admin_email' ); - if ( is_email( $email ) == false ) { + if ( ! is_email( $email ) ) { return false; } @@ -1595,7 +1634,14 @@ * @param array $meta Optional. Signup meta data. By default, contains the requested privacy setting and lang_id. * @return bool Whether the email notification was sent. */ -function wpmu_welcome_notification( $blog_id, $user_id, $password, $title, $meta = array() ) { +function wpmu_welcome_notification( + $blog_id, + $user_id, + #[\SensitiveParameter] + $password, + $title, + $meta = array() +) { $current_network = get_network(); /** @@ -1620,7 +1666,8 @@ $switched_locale = switch_to_user_locale( $user_id ); $welcome_email = get_site_option( 'welcome_email' ); - if ( false == $welcome_email ) { + + if ( ! $welcome_email ) { /* translators: Do not translate USERNAME, SITE_NAME, BLOG_URL, PASSWORD: those are placeholders. */ $welcome_email = __( 'Howdy USERNAME, @@ -1828,7 +1875,12 @@ * @param array $meta Optional. Signup meta data. Default empty array. * @return bool */ -function wpmu_welcome_user_notification( $user_id, $password, $meta = array() ) { +function wpmu_welcome_user_notification( + $user_id, + #[\SensitiveParameter] + $password, + $meta = array() +) { $current_network = get_network(); /** @@ -2021,7 +2073,7 @@ */ function update_posts_count( $deprecated = '' ) { global $wpdb; - update_option( 'post_count', (int) $wpdb->get_var( "SELECT COUNT(ID) FROM {$wpdb->posts} WHERE post_status = 'publish' and post_type = 'post'" ) ); + update_option( 'post_count', (int) $wpdb->get_var( "SELECT COUNT(ID) FROM {$wpdb->posts} WHERE post_status = 'publish' and post_type = 'post'" ), true ); } /** @@ -2254,7 +2306,12 @@ * @param string $password User password. Ignored. * @param array $meta Signup meta data. */ -function add_new_user_to_blog( $user_id, $password, $meta ) { +function add_new_user_to_blog( + $user_id, + #[\SensitiveParameter] + $password, + $meta +) { if ( ! empty( $meta['add_to_blog'] ) ) { $blog_id = $meta['add_to_blog']; $role = $meta['new_role']; @@ -2273,7 +2330,7 @@ * * @since MU (3.0.0) * - * @param PHPMailer $phpmailer The PHPMailer instance (passed by reference). + * @param PHPMailer\PHPMailer\PHPMailer $phpmailer The PHPMailer instance (passed by reference). */ function fix_phpmailer_messageid( $phpmailer ) { $phpmailer->Hostname = get_network()->domain; @@ -2297,7 +2354,7 @@ } } - return $user && isset( $user->spam ) && 1 == $user->spam; + return $user && isset( $user->spam ) && '1' === $user->spam; } /**