/**
* Communicates the sidebars that appeared on the page at the very end of the page,
* and at the very end of the wp_footer,
*
* @since 3.9.0
* @access public
*
* @global array $wp_registered_sidebars
* @global array $wp_registered_widgets
*/
public function export_preview_data()
{
global $wp_registered_sidebars, $wp_registered_widgets;
$switched_locale = switch_to_locale(get_user_locale());
$l10n = array('widgetTooltip' => __('Shift-click to edit this widget.'));
if ($switched_locale) {
restore_previous_locale();
}
// Prepare Customizer settings to pass to JavaScript.
$settings = array('renderedSidebars' => array_fill_keys(array_unique($this->rendered_sidebars), true), 'renderedWidgets' => array_fill_keys(array_keys($this->rendered_widgets), true), 'registeredSidebars' => array_values($wp_registered_sidebars), 'registeredWidgets' => $wp_registered_widgets, 'l10n' => $l10n, 'selectiveRefreshableWidgets' => $this->get_selective_refreshable_widgets());
foreach ($settings['registeredWidgets'] as &$registered_widget) {
unset($registered_widget['callback']);
// may not be JSON-serializeable
}
?>
<script type="text/javascript">
var _wpWidgetCustomizerPreviewSettings = <?php
echo wp_json_encode($settings);
?>
;
</script>
<?php
}
/**
* Exports data in preview after it has finished rendering so that partials can be added at runtime.
*
* @since 4.5.0
* @access public
*/
public function export_preview_data()
{
$partials = array();
foreach ($this->partials() as $partial) {
if ($partial->check_capabilities()) {
$partials[$partial->id] = $partial->json();
}
}
$switched_locale = switch_to_locale(get_user_locale());
$l10n = array('shiftClickToEdit' => __('Shift-click to edit this element.'), 'clickEditMenu' => __('Click to edit this menu.'), 'clickEditWidget' => __('Click to edit this widget.'), 'clickEditTitle' => __('Click to edit the site title.'), 'clickEditMisc' => __('Click to edit this element.'), 'badDocumentWrite' => sprintf(__('%s is forbidden'), 'document.write()'));
if ($switched_locale) {
restore_previous_locale();
}
$exports = array('partials' => $partials, 'renderQueryVar' => self::RENDER_QUERY_VAR, 'l10n' => $l10n);
// Export data to JS.
echo sprintf('<script>var _customizePartialRefreshExports = %s;</script>', wp_json_encode($exports));
}
public function test_restore_previous_locale_restores_wp_locale_global()
{
global $wp_locale;
$expected = array('thousands_sep' => ',', 'decimal_point' => '.');
switch_to_locale('de_DE');
restore_previous_locale();
$this->assertEqualSetsWithIndex($expected, $wp_locale->number_format);
}
/**
* @ticket 26511
*/
public function test_theme_translation_after_switching_locale()
{
switch_theme('internationalized-theme');
require_once get_stylesheet_directory() . '/functions.php';
switch_to_locale('de_DE');
$expected = i18n_theme_test();
restore_previous_locale();
switch_theme(WP_DEFAULT_THEME);
$this->assertSame('Das ist ein Dummy Theme', $expected);
}
/**
* Update a user in the database.
*
* It is possible to update a user's password by specifying the 'user_pass'
* value in the $userdata parameter array.
*
* If current user's password is being updated, then the cookies will be
* cleared.
*
* @since 2.0.0
*
* @see wp_insert_user() For what fields can be set in $userdata.
*
* @param mixed $userdata An array of user data or a user object of type stdClass or WP_User.
* @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated.
*/
function wp_update_user($userdata)
{
if ($userdata instanceof stdClass) {
$userdata = get_object_vars($userdata);
} elseif ($userdata instanceof WP_User) {
$userdata = $userdata->to_array();
}
$ID = isset($userdata['ID']) ? (int) $userdata['ID'] : 0;
if (!$ID) {
return new WP_Error('invalid_user_id', __('Invalid user ID.'));
}
// First, get all of the original fields
$user_obj = get_userdata($ID);
if (!$user_obj) {
return new WP_Error('invalid_user_id', __('Invalid user ID.'));
}
$user = $user_obj->to_array();
// Add additional custom fields
foreach (_get_additional_user_keys($user_obj) as $key) {
$user[$key] = get_user_meta($ID, $key, true);
}
// Escape data pulled from DB.
$user = add_magic_quotes($user);
if (!empty($userdata['user_pass']) && $userdata['user_pass'] !== $user_obj->user_pass) {
// If password is changing, hash it now
$plaintext_pass = $userdata['user_pass'];
$userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
/**
* Filters whether to send the password change email.
*
* @since 4.3.0
*
* @see wp_insert_user() For `$user` and `$userdata` fields.
*
* @param bool $send Whether to send the email.
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$send_password_change_email = apply_filters('send_password_change_email', true, $user, $userdata);
}
if (isset($userdata['user_email']) && $user['user_email'] !== $userdata['user_email']) {
/**
* Filters whether to send the email change email.
*
* @since 4.3.0
*
* @see wp_insert_user() For `$user` and `$userdata` fields.
*
* @param bool $send Whether to send the email.
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$send_email_change_email = apply_filters('send_email_change_email', true, $user, $userdata);
}
wp_cache_delete($user['user_email'], 'useremail');
wp_cache_delete($user['user_nicename'], 'userslugs');
// Merge old and new fields with new fields overwriting old ones.
$userdata = array_merge($user, $userdata);
$user_id = wp_insert_user($userdata);
if (!is_wp_error($user_id)) {
$blog_name = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
$switched_locale = false;
if (!empty($send_password_change_email) || !empty($send_email_change_email)) {
$switched_locale = switch_to_locale(get_user_locale($user_id));
}
if (!empty($send_password_change_email)) {
/* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$pass_change_text = __('Hi ###USERNAME###,
This notice confirms that your password was changed on ###SITENAME###.
If you did not change your password, please contact the Site Administrator at
###ADMIN_EMAIL###
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###');
$pass_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Password Change'), 'message' => $pass_change_text, 'headers' => '');
/**
* Filters the contents of the email sent when the user's password is changed.
*
* @since 4.3.0
*
* @param array $pass_change_email {
* Used to build wp_mail().
* @type string $to The intended recipients. Add emails in a comma separated string.
* @type string $subject The subject of the email.
* @type string $message The content of the email.
* The following strings have a special meaning and will get replaced dynamically:
* - ###USERNAME### The current user's username.
* - ###ADMIN_EMAIL### The admin email in case this was unexpected.
* - ###EMAIL### The old email.
* - ###SITENAME### The name of the site.
* - ###SITEURL### The URL to the site.
* @type string $headers Headers. Add headers in a newline (\r\n) separated string.
* }
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$pass_change_email = apply_filters('password_change_email', $pass_change_email, $user, $userdata);
$pass_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###SITENAME###', $blog_name, $pass_change_email['message']);
$pass_change_email['message'] = str_replace('###SITEURL###', home_url(), $pass_change_email['message']);
wp_mail($pass_change_email['to'], sprintf($pass_change_email['subject'], $blog_name), $pass_change_email['message'], $pass_change_email['headers']);
}
if (!empty($send_email_change_email)) {
/* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_change_text = __('Hi ###USERNAME###,
This notice confirms that your email was changed on ###SITENAME###.
If you did not change your email, please contact the Site Administrator at
###ADMIN_EMAIL###
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###');
$email_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Email Change'), 'message' => $email_change_text, 'headers' => '');
/**
* Filters the contents of the email sent when the user's email is changed.
*
* @since 4.3.0
*
* @param array $email_change_email {
* Used to build wp_mail().
* @type string $to The intended recipients.
* @type string $subject The subject of the email.
* @type string $message The content of the email.
* The following strings have a special meaning and will get replaced dynamically:
* - ###USERNAME### The current user's username.
* - ###ADMIN_EMAIL### The admin email in case this was unexpected.
* - ###EMAIL### The old email.
* - ###SITENAME### The name of the site.
* - ###SITEURL### The URL to the site.
* @type string $headers Headers.
* }
* @param array $user The original user array.
* @param array $userdata The updated user array.
*/
$email_change_email = apply_filters('email_change_email', $email_change_email, $user, $userdata);
$email_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $email_change_email['message']);
$email_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $email_change_email['message']);
$email_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $email_change_email['message']);
$email_change_email['message'] = str_replace('###SITENAME###', $blog_name, $email_change_email['message']);
$email_change_email['message'] = str_replace('###SITEURL###', home_url(), $email_change_email['message']);
wp_mail($email_change_email['to'], sprintf($email_change_email['subject'], $blog_name), $email_change_email['message'], $email_change_email['headers']);
}
if ($switched_locale) {
restore_previous_locale();
}
}
// Update the cookies if the password changed.
$current_user = wp_get_current_user();
if ($current_user->ID == $ID) {
if (isset($plaintext_pass)) {
wp_clear_auth_cookie();
// Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
// If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
$logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
/** This filter is documented in wp-includes/pluggable.php */
$default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $ID, false);
$remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;
wp_set_auth_cookie($ID, $remember);
}
}
return $user_id;
}
/**
* Print JavaScript settings for preview frame.
*
* @since 3.4.0
*/
public function customize_preview_settings()
{
$post_values = $this->unsanitized_post_values(array('exclude_changeset' => true));
$setting_validities = $this->validate_setting_values($post_values);
$exported_setting_validities = array_map(array($this, 'prepare_setting_validity_for_js'), $setting_validities);
// Note that the REQUEST_URI is not passed into home_url() since this breaks subdirectory installs.
$self_url = empty($_SERVER['REQUEST_URI']) ? home_url('/') : esc_url_raw(wp_unslash($_SERVER['REQUEST_URI']));
$state_query_params = array('customize_theme', 'customize_changeset_uuid', 'customize_messenger_channel');
$self_url = remove_query_arg($state_query_params, $self_url);
$allowed_urls = $this->get_allowed_urls();
$allowed_hosts = array();
foreach ($allowed_urls as $allowed_url) {
$parsed = wp_parse_url($allowed_url);
if (empty($parsed['host'])) {
continue;
}
$host = $parsed['host'];
if (!empty($parsed['port'])) {
$host .= ':' . $parsed['port'];
}
$allowed_hosts[] = $host;
}
$switched_locale = switch_to_locale(get_user_locale());
$l10n = array('shiftClickToEdit' => __('Shift-click to edit this element.'), 'linkUnpreviewable' => __('This link is not live-previewable.'), 'formUnpreviewable' => __('This form is not live-previewable.'));
if ($switched_locale) {
restore_previous_locale();
}
$settings = array('changeset' => array('uuid' => $this->_changeset_uuid), 'timeouts' => array('selectiveRefresh' => 250, 'keepAliveSend' => 1000), 'theme' => array('stylesheet' => $this->get_stylesheet(), 'active' => $this->is_theme_active()), 'url' => array('self' => $self_url, 'allowed' => array_map('esc_url_raw', $this->get_allowed_urls()), 'allowedHosts' => array_unique($allowed_hosts), 'isCrossDomain' => $this->is_cross_domain()), 'channel' => $this->messenger_channel, 'activePanels' => array(), 'activeSections' => array(), 'activeControls' => array(), 'settingValidities' => $exported_setting_validities, 'nonce' => current_user_can('customize') ? $this->get_nonces() : array(), 'l10n' => $l10n, '_dirty' => array_keys($post_values));
foreach ($this->panels as $panel_id => $panel) {
if ($panel->check_capabilities()) {
$settings['activePanels'][$panel_id] = $panel->active();
foreach ($panel->sections as $section_id => $section) {
if ($section->check_capabilities()) {
$settings['activeSections'][$section_id] = $section->active();
}
}
}
}
foreach ($this->sections as $id => $section) {
if ($section->check_capabilities()) {
$settings['activeSections'][$id] = $section->active();
}
}
foreach ($this->controls as $id => $control) {
if ($control->check_capabilities()) {
$settings['activeControls'][$id] = $control->active();
}
}
?>
<script type="text/javascript">
var _wpCustomizeSettings = <?php
echo wp_json_encode($settings);
?>
;
_wpCustomizeSettings.values = {};
(function( v ) {
<?php
/*
* Serialize settings separately from the initial _wpCustomizeSettings
* serialization in order to avoid a peak memory usage spike.
* @todo We may not even need to export the values at all since the pane syncs them anyway.
*/
foreach ($this->settings as $id => $setting) {
if ($setting->check_capabilities()) {
printf("v[%s] = %s;\n", wp_json_encode($id), wp_json_encode($setting->js_value()));
}
}
?>
})( _wpCustomizeSettings.values );
</script>
<?php
}
* @param array $role The role of invited user.
* @param string $newuser_key The key of the invitation.
*/
do_action('invite_user', $user_id, $role, $newuser_key);
$switched_locale = switch_to_locale(get_user_locale($user_details));
/* translators: 1: Site name, 2: site URL, 3: role, 4: activation URL */
$message = __('Hi,
You\'ve been invited to join \'%1$s\' at
%2$s with the role of %3$s.
Please click the following link to confirm the invite:
%4$s');
wp_mail($new_user_email, sprintf(__('[%s] Joining confirmation'), wp_specialchars_decode(get_option('blogname'))), sprintf($message, get_option('blogname'), home_url(), wp_specialchars_decode(translate_user_role($role['name'])), home_url("/newbloguser/{$newuser_key}/")));
if ($switched_locale) {
restore_previous_locale();
}
$redirect = add_query_arg(array('update' => 'add'), 'user-new.php');
}
}
wp_redirect($redirect);
die;
} elseif (isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action']) {
check_admin_referer('create-user', '_wpnonce_create-user');
if (!current_user_can('create_users')) {
wp_die('<h1>' . __('Cheatin’ uh?') . '</h1>' . '<p>' . __('Sorry, you are not allowed to create users.') . '</p>', 403);
}
if (!is_multisite()) {
$user_id = edit_user();
if (is_wp_error($user_id)) {
$add_user_errors = $user_id;
/**
* Sends an email when an email address change is requested.
*
* @since 3.0.0
*
* @global WP_Error $errors WP_Error object.
* @global wpdb $wpdb WordPress database object.
*/
function send_confirmation_on_profile_email()
{
global $errors, $wpdb;
$current_user = wp_get_current_user();
if (!is_object($errors)) {
$errors = new WP_Error();
}
if ($current_user->ID != $_POST['user_id']) {
return false;
}
if ($current_user->user_email != $_POST['email']) {
if (!is_email($_POST['email'])) {
$errors->add('user_email', __("<strong>ERROR</strong>: The email address isn’t correct."), array('form-field' => 'email'));
return;
}
if ($wpdb->get_var($wpdb->prepare("SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email']))) {
$errors->add('user_email', __("<strong>ERROR</strong>: The email address is already used."), array('form-field' => 'email'));
delete_user_meta($current_user->ID, '_new_email');
return;
}
$hash = md5($_POST['email'] . time() . mt_rand());
$new_user_email = array('hash' => $hash, 'newemail' => $_POST['email']);
update_user_meta($current_user->ID, '_new_email', $new_user_email);
$switched_locale = switch_to_locale(get_user_locale());
/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_text = __('Howdy ###USERNAME###,
You recently requested to have the email address on your account changed.
If this is correct, please click on the following link to change it:
###ADMIN_URL###
You can safely ignore and delete this email if you do not want to
take this action.
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###');
/**
* Filters the email text sent when a user changes emails.
*
* The following strings have a special meaning and will get replaced dynamically:
* ###USERNAME### The current user's username.
* ###ADMIN_URL### The link to click on to confirm the email change.
* ###EMAIL### The new email.
* ###SITENAME### The name of the site.
* ###SITEURL### The URL to the site.
*
* @since MU
*
* @param string $email_text Text in the email.
* @param string $new_user_email New user email that the current user has changed to.
*/
$content = apply_filters('new_user_email_content', $email_text, $new_user_email);
$content = str_replace('###USERNAME###', $current_user->user_login, $content);
$content = str_replace('###ADMIN_URL###', esc_url(self_admin_url('profile.php?newuseremail=' . $hash)), $content);
$content = str_replace('###EMAIL###', $_POST['email'], $content);
$content = str_replace('###SITENAME###', get_site_option('site_name'), $content);
$content = str_replace('###SITEURL###', network_home_url(), $content);
wp_mail($_POST['email'], sprintf(__('[%s] New Email Address'), wp_specialchars_decode(get_option('blogname'))), $content);
$_POST['email'] = $current_user->user_email;
if ($switched_locale) {
restore_previous_locale();
}
}
}
/**
* Notify a user that their account activation has been successful.
*
* Filter {@see 'wpmu_welcome_user_notification'} to disable or bypass.
*
* Filter {@see 'update_welcome_user_email'} and {@see 'update_welcome_user_subject'} to
* modify the content and subject line of the notification email.
*
* @since MU
*
* @param int $user_id
* @param string $password
* @param array $meta Optional. Not used in the default function, but is passed along to hooks for customization.
* @return bool
*/
function wpmu_welcome_user_notification($user_id, $password, $meta = array())
{
$current_network = get_network();
/**
* Filters whether to bypass the welcome email after user activation.
*
* Returning false disables the welcome email.
*
* @since MU
*
* @param int $user_id User ID.
* @param string $password User password.
* @param array $meta Signup meta data.
*/
if (!apply_filters('wpmu_welcome_user_notification', $user_id, $password, $meta)) {
return false;
}
$welcome_email = get_site_option('welcome_user_email');
$user = get_userdata($user_id);
$switched_locale = switch_to_locale(get_user_locale($user));
/**
* Filters the content of the welcome email after user activation.
*
* Content should be formatted for transmission via wp_mail().
*
* @since MU
*
* @param string $welcome_email The message body of the account activation success email.
* @param int $user_id User ID.
* @param string $password User password.
* @param array $meta Signup meta data.
*/
$welcome_email = apply_filters('update_welcome_user_email', $welcome_email, $user_id, $password, $meta);
$welcome_email = str_replace('SITE_NAME', $current_network->site_name, $welcome_email);
$welcome_email = str_replace('USERNAME', $user->user_login, $welcome_email);
$welcome_email = str_replace('PASSWORD', $password, $welcome_email);
$welcome_email = str_replace('LOGINLINK', wp_login_url(), $welcome_email);
$admin_email = get_site_option('admin_email');
if ($admin_email == '') {
$admin_email = 'support@' . $_SERVER['SERVER_NAME'];
}
$from_name = get_site_option('site_name') == '' ? 'WordPress' : esc_html(get_site_option('site_name'));
$message_headers = "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
$message = $welcome_email;
if (empty($current_network->site_name)) {
$current_network->site_name = 'WordPress';
}
/* translators: New user notification email subject. 1: Network name, 2: New user login */
$subject = __('New %1$s User: %2$s');
/**
* Filters the subject of the welcome email after user activation.
*
* @since MU
*
* @param string $subject Subject of the email.
*/
$subject = apply_filters('update_welcome_user_subject', sprintf($subject, $current_network->site_name, $user->user_login));
wp_mail($user->user_email, wp_specialchars_decode($subject), $message, $message_headers);
if ($switched_locale) {
restore_previous_locale();
}
return true;
}
/**
* Email login credentials to a newly-registered user.
*
* A new user registration notification is also sent to admin email.
*
* @since 2.0.0
* @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`.
* @since 4.3.1 The `$plaintext_pass` parameter was deprecated. `$notify` added as a third parameter.
* @since 4.6.0 The `$notify` parameter accepts 'user' for sending notification only to the user created.
*
* @global wpdb $wpdb WordPress database object for queries.
* @global PasswordHash $wp_hasher Portable PHP password hashing framework instance.
*
* @param int $user_id User ID.
* @param null $deprecated Not used (argument deprecated).
* @param string $notify Optional. Type of notification that should happen. Accepts 'admin' or an empty
* string (admin only), 'user', or 'both' (admin and user). Default empty.
*/
function wp_new_user_notification($user_id, $deprecated = null, $notify = '')
{
if ($deprecated !== null) {
_deprecated_argument(__FUNCTION__, '4.3.1');
}
global $wpdb, $wp_hasher;
$user = get_userdata($user_id);
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
if ('user' !== $notify) {
$switched_locale = switch_to_locale(get_locale());
$message = sprintf(__('New user registration on your site %s:'), $blogname) . "\r\n\r\n";
$message .= sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n";
$message .= sprintf(__('Email: %s'), $user->user_email) . "\r\n";
@wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), $blogname), $message);
if ($switched_locale) {
restore_previous_locale();
}
}
// `$deprecated was pre-4.3 `$plaintext_pass`. An empty `$plaintext_pass` didn't sent a user notification.
if ('admin' === $notify || empty($deprecated) && empty($notify)) {
return;
}
// Generate something random for a password reset key.
$key = wp_generate_password(20, false);
/** This action is documented in wp-login.php */
do_action('retrieve_password_key', $user->user_login, $key);
// Now insert the key, hashed, into the DB.
if (empty($wp_hasher)) {
$wp_hasher = new PasswordHash(8, true);
}
$hashed = time() . ':' . $wp_hasher->HashPassword($key);
$wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user->user_login));
$switched_locale = switch_to_locale(get_user_locale($user));
$message = sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n";
$message .= __('To set your password, visit the following address:') . "\r\n\r\n";
$message .= '<' . network_site_url("wp-login.php?action=rp&key={$key}&login="******">\r\n\r\n";
$message .= wp_login_url() . "\r\n";
wp_mail($user->user_email, sprintf(__('[%s] Your username and password info'), $blogname), $message);
if ($switched_locale) {
restore_previous_locale();
}
}
