authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2008-08-28 16:37:29 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2008-08-28 16:37:29 +0000
commitb0ec25b6a0a49fb6937a650625dcfca406016f6e (patch)
tree0c850efa78f7367f662431d1664fad453b5f5439
parent2841bbfd327625d091217599d9331ccc9d0d1739 (diff)
Massive cleanup of wpmu-functions, props momo360modena, fixes #719
git-svn-id: http://svn.automattic.com/wordpress-mu/branches/2.6@1450 7be80a69-a1ef-0310-a953-fb0f7c49ff36
-rw-r--r--wp-includes/wpmu-default-filters.php45
-rw-r--r--wp-includes/wpmu-functions.php428
-rw-r--r--wp-settings.php1
3 files changed, 271 insertions, 203 deletions
diff --git a/wp-includes/wpmu-default-filters.php b/wp-includes/wpmu-default-filters.php
new file mode 100644
index 0000000..2165973
--- /dev/null
+++ b/wp-includes/wpmu-default-filters.php
@@ -0,0 +1,45 @@
+<?php
+// Users
+add_filter ( 'wpmu_validate_user_signup', 'signup_nonce_check' );
+add_action ( 'init', 'add_existing_user_to_blog' );
+add_filter ( 'xmlrpc_methods', 'attach_wpmu_xmlrpc' );
+add_filter ( 'wp_authenticate_user', 'wordpressmu_authenticate_siteadmin', 10, 2 );
+add_action ( 'wpmu_new_user', 'newuser_notify_siteadmin' );
+
+// Blogs
+add_filter ( 'wpmu_validate_blog_signup', 'signup_nonce_check' );
+add_action ( 'wpmu_new_blog', 'wpmu_log_new_registrations', 10, 2 );
+add_action ( 'wpmu_new_blog', 'newblog_notify_siteadmin', 10, 2 );
+
+// Register Nonce
+add_action ( 'signup_hidden_fields', 'signup_nonce_fields' );
+
+// Locale
+add_filter ( 'locale', 'mu_locale' );
+
+// Template
+add_action ( 'template_redirect', 'maybe_redirect_404' );
+add_filter ( 'allowed_redirect_hosts', 'redirect_this_site' );
+
+// Administration
+add_filter ( 'mce_buttons_2', 'remove_tinymce_media_button' );
+add_action ( 'profile_personal_options', 'choose_primary_blog' );
+add_filter ( 'term_id_filter', 'global_terms', 10, 2 );
+add_action ( 'publish_post', 'update_posts_count' );
+add_action ( 'delete_post', 'wpmu_update_blogs_date' );
+add_action ( 'private_to_published', 'wpmu_update_blogs_date' );
+add_action ( 'publish_phone', 'wpmu_update_blogs_date' );
+add_action ( 'publish_post', 'wpmu_update_blogs_date' );
+
+// Files
+add_filter ( 'wp_upload_bits', 'upload_is_file_too_big' );
+add_filter ( 'import_upload_size_limit', 'fix_import_form_size' );
+add_filter ( 'upload_mimes', 'check_upload_mimes' );
+add_action ( 'upload_files_upload', 'upload_is_user_over_quota' );
+add_action ( 'upload_files_browse', 'upload_is_user_over_quota' );
+add_action ( 'upload_files_browse-all', 'upload_is_user_over_quota' );
+add_filter ( 'upload_dir', 'fix_upload_details' );
+
+// Mail
+add_filter ( 'wp_mail_from', 'wordpressmu_wp_mail_from' );
+?> \ No newline at end of file
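Review bot: The new include-only file ends with a closing `?>` and no trailing newline; dropping the closing tag avoids a later edit adding whitespace after it that is emitted before headers are sent. The two `signup_nonce_check` filters and the `signup_nonce_fields` action appear to be two halves of one control, so a comment such as `// signup_nonce_fields emits the nonce that signup_nonce_check verifies; keep these hooks together` would help prevent one half being removed on its own.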
diff --git a/wp-includes/wpmu-functions.php b/wp-includes/wpmu-functions.php
index 933bc39..ca32ad9 100644
--- a/wp-includes/wpmu-functions.php
+++ b/wp-includes/wpmu-functions.php
@@ -16,18 +16,13 @@ function load_muplugin_textdomain($domain, $path = false) {
function wpmu_update_blogs_date() {
global $wpdb;
-
- $wpdb->query( "UPDATE {$wpdb->blogs} SET last_updated = NOW() WHERE blog_id = '{$wpdb->blogid}'" );
+
+ $wpdb->update( $wpdb->blogs, array('last_updated' => current_time('mysql')), array('blog_id' => $wpdb->blogid) );
refresh_blog_details( $wpdb->blogid );
do_action( 'wpmu_blog_updated', $wpdb->blogid );
}
-add_action('delete_post', 'wpmu_update_blogs_date');
-add_action('private_to_published', 'wpmu_update_blogs_date');
-add_action('publish_phone', 'wpmu_update_blogs_date');
-add_action('publish_post', 'wpmu_update_blogs_date');
-
function get_blogaddress_by_id( $blog_id ) {
$bloginfo = get_blog_details( (int) $blog_id, false ); // only get bare details!
return clean_url("http://" . $bloginfo->domain . $bloginfo->path);
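Review bot: Replacing `NOW()` with `current_time('mysql')` in `wpmu_update_blogs_date` changes which clock writes `last_updated`. As far as I know, `current_time('mysql')` without the GMT flag applies the current blog's `gmt_offset`, so the shared blogs table would hold per-blog local times and the `ORDER BY last_updated` in `get_last_updated` would compare values from different offsets. Consider `current_time('mysql', true)` here, as the signup code in this file already does for `registered`. The same substitution appears in `update_blog_status`, `insert_blog` and the `sitecategories` insert in `install_blog`.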
@@ -70,7 +65,7 @@ function get_sitestats() {
$count_ts = get_site_option( "get_user_count_ts" );
if( time() - $count_ts > 3600 ) {
- $count = $wpdb->get_var( "SELECT count(*) as c FROM {$wpdb->users}" );
+ $count = $wpdb->get_var( "SELECT COUNT(ID) FROM {$wpdb->users}" );
update_site_option( "user_count", $count );
update_site_option( "user_count_ts", time() );
} else {
@@ -82,22 +77,22 @@ function get_sitestats() {
function get_admin_users_for_domain( $sitedomain = '', $path = '' ) {
global $wpdb;
+
if( $sitedomain == '' ) {
$site_id = $wpdb->siteid;
} else {
- $site_id = $wpdb->get_var( "SELECT id FROM ".$wpdb->site." WHERE domain = '".$sitedomain."' AND path = '".$path."'" );
+ $site_id = $wpdb->get_var( $wpdb->prepare("SELECT id FROM $wpdb->site WHERE domain = %s AND path = %s", $sitedomain, $path) );
}
+
if( $site_id != false ) {
- $details = $wpdb->get_results( "SELECT ID, user_login, user_pass FROM ".$wpdb->users.", ".$wpdb->sitemeta." WHERE meta_key = 'admin_user_id' AND ".$wpdb->users.".ID = ".$wpdb->sitemeta.".meta_value AND ".$wpdb->sitemeta.".site_id = '".$site_id."'", ARRAY_A );
- } else {
- $details = false;
+ return $wpdb->get_results( $wpdb->prepare("SELECT u.ID, u.user_login, u.user_pass FROM $wpdb->users AS u, $wpdb->sitemeta AS sm WHERE sm.meta_key = 'admin_user_id' AND u.ID = %d AND sm.site_id = %d", $wpdb->sitemeta.'.meta_value', $site_id), ARRAY_A );
}
- return $details;
+ return false;
}
function get_user_details( $username ) {
global $wpdb;
- return $wpdb->get_row( "SELECT * FROM $wpdb->users WHERE user_login = '$username'" );
+ return $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_login = %s", $username) );
}
function is_main_blog() {
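Review bot: In `get_admin_users_for_domain` the rewritten query binds the string `$wpdb->sitemeta.'.meta_value'` to `u.ID = %d`, so a column name is passed as a value and cast to an integer (0). The join between users and sitemeta is lost and the query would no longer return the site's admin users. Column references cannot go through `prepare()` placeholders; keep the join in the SQL text and bind only the site id: `... AND u.ID = sm.meta_value AND sm.site_id = %d", $site_id), ARRAY_A );`. Separately, the result still includes `user_pass`; if callers only need the id and login, dropping the hash from the SELECT would narrow its exposure.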
@@ -116,7 +111,7 @@ function get_id_from_blogname( $name ) {
$domain = $current_site->domain;
$path = $current_site->path . $name;
}
- return $wpdb->get_var( "SELECT blog_id FROM {$wpdb->blogs} WHERE domain = '$domain' AND path = '$path'" );
+ return $wpdb->get_var( $wpdb->prepare("SELECT blog_id FROM {$wpdb->blogs} WHERE domain = %s AND path = %s", $domain, $path) );
}
function get_blog_details( $id, $getall = true ) {
@@ -137,8 +132,7 @@ function get_blog_details( $id, $getall = true ) {
return $details;
}
- $details = $wpdb->get_row( "SELECT * FROM $wpdb->blogs WHERE blog_id = '$id' /* get_blog_details */" );
-
+ $details = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->blogs WHERE blog_id = %d", $id) ); // get_blog_details ?
if ( !$details ) {
wp_cache_set( $id . $all, -1, 'blog-details' );
return false;
@@ -205,8 +199,6 @@ function get_site_option( $key, $default = false, $use_cache = true ) {
if ( false !== $pre )
return $pre;
- $safe_key = $wpdb->escape( $key );
-
if( $use_cache == true ) {
$value = wp_cache_get($wpdb->siteid . $key, 'site-options');
} else {
@@ -214,7 +206,7 @@ function get_site_option( $key, $default = false, $use_cache = true ) {
}
if ( false === $value ) {
- $value = $wpdb->get_var("SELECT meta_value FROM $wpdb->sitemeta WHERE meta_key = '$safe_key' AND site_id = '{$wpdb->siteid}'");
+ $value = $wpdb->get_var( $wpdb->prepare("SELECT meta_value FROM $wpdb->sitemeta WHERE meta_key = %s AND site_id = %d", $key, $wpdb->siteid) );
if ( ! is_null($value) ) {
wp_cache_add($wpdb->siteid . $key, $value, 'site-options');
} elseif ( $default ) {
@@ -236,9 +228,7 @@ function get_site_option( $key, $default = false, $use_cache = true ) {
function add_site_option( $key, $value ) {
global $wpdb;
- $safe_key = $wpdb->escape( $key );
-
- $exists = $wpdb->get_row("SELECT meta_value FROM $wpdb->sitemeta WHERE meta_key = '$safe_key' AND site_id = '{$wpdb->siteid}'");
+ $exists = $wpdb->get_row( $wpdb->prepare("SELECT meta_value FROM $wpdb->sitemeta WHERE meta_key = %s AND site_id = %d", $key, $wpdb->siteid) );
if ( is_object( $exists ) ) {// If we already have it
update_site_option( $key, $value );
return false;
@@ -247,28 +237,26 @@ function add_site_option( $key, $value ) {
if ( is_array($value) || is_object($value) )
$value = serialize($value);
wp_cache_delete($wpdb->siteid . $key, 'site-options');
- $wpdb->query( "INSERT INTO $wpdb->sitemeta ( site_id , meta_key , meta_value ) VALUES ( '{$wpdb->siteid}', '$safe_key', '" . $wpdb->escape( $value ) . "')" );
- return $wpdb->insert_id;
+
+ $wpdb->insert( $wpdb->sitemeta, array('site_id' => $wpdb->siteid, 'meta_key' => $key, 'meta_value' => $value) );
+ return $wpdb->insert_id;
}
// expects $key, $value not to be SQL escaped
function update_site_option( $key, $value ) {
global $wpdb;
- $safe_key = $wpdb->escape( $key );
-
if ( $value == get_site_option( $key ) )
return false;
- $exists = $wpdb->get_row("SELECT meta_value FROM $wpdb->sitemeta WHERE meta_key = '$safe_key' AND site_id = '{$wpdb->siteid}'");
-
+ $exists = $wpdb->get_row( $wpdb->prepare("SELECT meta_value FROM $wpdb->sitemeta WHERE meta_key = %s AND site_id = %d", $key, $wpdb->siteid) );
if ( false == is_object( $exists ) ) // It's a new record
return add_site_option( $key, $value );
if ( is_array($value) || is_object($value) )
$value = serialize($value);
- $wpdb->query( "UPDATE $wpdb->sitemeta SET meta_value = '" . $wpdb->escape( $value ) . "' WHERE site_id='{$wpdb->siteid}' AND meta_key = '$safe_key'" );
+ $wpdb->update( $wpdb->sitemeta, array('meta_value' => $value), array('site_id' => $wpdb->siteid, 'meta_key' => $key) );
wp_cache_delete( $wpdb->siteid . $key, 'site-options' );
return true;
}
@@ -276,20 +264,19 @@ function update_site_option( $key, $value ) {
/*
function get_blog_option( $id, $key, $default='na' ) {
switch_to_blog($id);
- $opt = get_option( $key );
+ $option = get_option( $key );
restore_current_blog();
-
- return $opt;
+ return $option;
}
*/
-function get_blog_option( $blog_id, $setting, $default='na' ) {
+function get_blog_option( $blog_id, $setting, $deprecated = '' ) {
global $wpdb;
$key = $blog_id."-".$setting."-blog_option";
$value = wp_cache_get( $key, "site-options" );
if( $value == null ) {
- $row = $wpdb->get_row( "SELECT * FROM {$wpdb->base_prefix}{$blog_id}_options WHERE option_name = '{$setting}'" );
+ $row = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->base_prefix}{$blog_id}_options WHERE option_name = %s", $setting) );
if( is_object( $row) ) { // Has to be get_row instead of get_var because of funkiness with 0, false, null values
$value = $row->option_value;
if( $value == false ) {
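Review bot: `get_blog_option` still interpolates `$blog_id` into the table name `{$wpdb->base_prefix}{$blog_id}_options`, and `prepare()` only binds `$setting`, so the identifier part of the query is not covered by the new escaping. Add `$blog_id = (int) $blog_id;` at the top, as this commit does for `add_blog_option`, `delete_blog_option` and `update_blog_option`. The same applies to `get_blog_post`, which builds `{$blog_id}_posts` the same way. The third parameter was also renamed from `$default` to `$deprecated`; the rest of the body is outside this hunk, so please confirm nothing there still reads `$default`.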
@@ -320,22 +307,26 @@ function get_blog_option( $blog_id, $setting, $default='na' ) {
}
function add_blog_option( $id, $key, $value ) {
+ $id = (int) $id;
+
switch_to_blog($id);
add_option( $key, $value );
restore_current_blog();
- $opt = $id."-".$key."-blog_option";
- wp_cache_set($opt, $value, 'site-options');
+ wp_cache_set( $id."-".$key."-blog_option", $value, 'site-options' );
}
function delete_blog_option( $id, $key ) {
+ $id = (int) $id;
+
switch_to_blog($id);
delete_option( $key );
restore_current_blog();
- $opt = $id."-".$key."-blog_option";
- wp_cache_set($opt, '', 'site-options');
+ wp_cache_set( $id."-".$key."-blog_option", '', 'site-options' );
}
function update_blog_option( $id, $key, $value, $refresh = true ) {
+ $id = (int) $id;
+
switch_to_blog($id);
update_option( $key, $value );
restore_current_blog();
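Review bot: After the new `(int)` cast, a non-numeric or empty `$id` becomes 0, and `switch_to_blog()` returns early on an empty argument (it now returns `false` there, per the later hunk in this commit). The following `add_option` / `delete_option` / `update_option` call then appears to run against whichever blog is currently active rather than failing. A guard such as `if ( $id < 1 ) return false;` before `switch_to_blog($id)` in all three functions would prevent an option being written to the wrong blog. `update_blog_option` continues past the end of this hunk.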
@@ -350,7 +341,7 @@ function switch_to_blog( $new_blog ) {
global $wpdb, $table_prefix, $blog_id, $switched, $switched_stack, $wp_roles, $current_user, $wp_object_cache;
if ( empty($new_blog) )
- return;
+ return false;
if ( empty($switched_stack) )
$switched_stack = array();
@@ -358,7 +349,7 @@ function switch_to_blog( $new_blog ) {
$switched_stack[] = $blog_id;
if ( $blog_id == $new_blog )
- return;
+ return false;
$wp_object_cache->switched_cache[ $blog_id ] = $wp_object_cache->cache;
unset( $wp_object_cache->cache );
@@ -379,17 +370,18 @@ function switch_to_blog( $new_blog ) {
do_action('switch_blog', $blog_id, $prev_blog_id);
$switched = true;
+ return true;
}
function restore_current_blog() {
global $table_prefix, $wpdb, $blog_id, $switched, $switched_stack, $wp_roles, $current_user, $wp_object_cache;
if ( !$switched )
- return;
+ return false;
$blog = array_pop($switched_stack);
if ( $blog_id == $blog )
- return;
+ return false;
$wp_object_cache->cache = $wp_object_cache->switched_cache[ $blog ];
unset( $wp_object_cache->switched_cache[ $blog ] );
@@ -411,12 +403,13 @@ function restore_current_blog() {
do_action('switch_blog', $blog_id, $prev_blog_id);
$switched = false;
+ return true;
}
function get_blogs_of_user( $id, $all = false ) {
global $wpdb;
- $user = get_userdata( $id );
+ $user = get_userdata( (int) $id );
if ( !$user )
return false;
@@ -467,11 +460,15 @@ function get_active_blog_for_user( $user_id ) { // get an active blog for user -
}
}
-function is_user_member_of_blog( $user_id, $blog_id = 0 ) {
- global $wpdb;
- if( $blog_id == 0 )
+function is_user_member_of_blog( $user_id, $blog_id = 0 ) {
+ $user_id = (int) $user_id;
+ $blog_id = (int) $blog_id;
+
+ if( $blog_id == 0 ) {
+ global $wpdb;
$blog_id = $wpdb->blogid;
-
+ }
+
$blogs = get_blogs_of_user( $user_id );
if( is_array( $blogs ) ) {
return array_key_exists( $blog_id, $blogs );
@@ -492,8 +489,7 @@ function update_archived( $id, $archived ) {
function update_blog_status( $id, $pref, $value, $refresh = 1 ) {
global $wpdb;
- $wpdb->query( "UPDATE {$wpdb->blogs} SET {$pref} = '{$value}', last_updated = NOW() WHERE blog_id = '$id'" );
-
+ $wpdb->update( $wpdb->blogs, array($pref => $value, 'last_updated' => current_time('mysql')), array('blog_id' => $id) );
if( $refresh == 1 )
refresh_blog_details($id);
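Review bot: `$pref` is used as a column name in `update_blog_status` (as the array key passed to `$wpdb->update`) and again in `get_blog_status` in the next hunk (`"SELECT $pref FROM ..."` inside `prepare()`), and neither API escapes identifiers. Both functions should check `$pref` against a fixed list of blogs-table columns before building the query, for example `in_array( $pref, array('public', 'archived', 'mature', 'spam', 'deleted') )`, and bail out otherwise. The exact list should be confirmed against the schema. Interpolating into the `prepare()` format string also means a stray `%` in `$pref` would be read as a placeholder.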
@@ -515,12 +511,12 @@ function get_blog_status( $id, $pref ) {
if( $details ) {
return $details->$pref;
}
- return $wpdb->get_var( "SELECT $pref FROM {$wpdb->blogs} WHERE blog_id = '$id'" );
+ return $wpdb->get_var( $wpdb->prepare("SELECT $pref FROM {$wpdb->blogs} WHERE blog_id = %d", $id) );
}
-function get_last_updated( $display = false ) {
+function get_last_updated( $deprecated = '', $start = 0, $quantity = 40 ) {
global $wpdb;
- return $wpdb->get_results( "SELECT blog_id, domain, path FROM $wpdb->blogs WHERE site_id = '$wpdb->siteid' AND public = '1' AND archived = '0' AND mature = '0' AND spam = '0' AND deleted = '0' AND last_updated != '0000-00-00 00:00:00' ORDER BY last_updated DESC limit 0,40", ARRAY_A );
+ return $wpdb->get_results( $wpdb->prepare("SELECT blog_id, domain, path FROM $wpdb->blogs WHERE site_id = %d AND public = '1' AND archived = '0' AND mature = '0' AND spam = '0' AND deleted = '0' AND last_updated != '0000-00-00 00:00:00' ORDER BY last_updated DESC limit %d, %d", $wpdb->siteid, $start, $quantity ) , ARRAY_A );
}
function get_most_active_blogs( $num = 10, $display = true ) {
@@ -566,7 +562,7 @@ function get_most_active_blogs( $num = 10, $display = true ) {
return array_slice( $most_active, 0, $num );
}
-function get_blog_list( $start = 0, $num = 10, $display = true ) {
+function get_blog_list( $start = 0, $num = 10, $deprecated = '' ) {
global $wpdb;
$blogs = get_site_option( "blog_list" );
@@ -581,11 +577,11 @@ function get_blog_list( $start = 0, $num = 10, $display = true ) {
if( $update == true ) {
unset( $blogs );
- $blogs = $wpdb->get_results( "SELECT blog_id, domain, path FROM $wpdb->blogs WHERE site_id = '$wpdb->siteid' AND public = '1' AND archived = '0' AND mature = '0' AND spam = '0' AND deleted = '0' ORDER BY registered DESC", ARRAY_A );
+ $blogs = $wpdb->get_results( $wpdb->prepare("SELECT blog_id, domain, path FROM $wpdb->blogs WHERE site_id = %d AND public = '1' AND archived = '0' AND mature = '0' AND spam = '0' AND deleted = '0' ORDER BY registered DESC", $wpdb->siteid), ARRAY_A );
foreach ( (array) $blogs as $details ) {
$blog_list[ $details['blog_id'] ] = $details;
- $blog_list[ $details['blog_id'] ]['postcount'] = $wpdb->get_var( "SELECT count(*) FROM " . $wpdb->base_prefix . $details['blog_id'] . "_posts WHERE post_status='publish' AND post_type='post'" );
+ $blog_list[ $details['blog_id'] ]['postcount'] = $wpdb->get_var( "SELECT COUNT(ID) FROM " . $wpdb->base_prefix . $details['blog_id'] . "_posts WHERE post_status='publish' AND post_type='post'" );
}
unset( $blogs );
$blogs = $blog_list;
@@ -607,7 +603,7 @@ function get_blog_count( $id = 0 ) {
$count_ts = get_site_option( "blog_count_ts" );
if( time() - $count_ts > 3600 ) {
- $count = $wpdb->get_var( "SELECT count(*) as c FROM $wpdb->blogs WHERE site_id = '$id' AND spam='0' AND deleted='0' and archived='0'" );
+ $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(blog_id) as c FROM $wpdb->blogs WHERE site_id = %d AND spam = '0' AND deleted = '0' and archived = '0'", $id) );
update_site_option( "blog_count", $count );
update_site_option( "blog_count_ts", time() );
}
@@ -623,7 +619,7 @@ function get_blog_post( $blog_id, $post_id ) {
$key = $blog_id."-".$post_id."-blog_post";
$post = wp_cache_get( $key, "site-options" );
if( $post == false ) {
- $post = $wpdb->get_row( "SELECT * FROM {$wpdb->base_prefix}{$blog_id}_posts WHERE ID = '{$post_id}'" );
+ $post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM {$wpdb->base_prefix}{$blog_id}_posts WHERE ID = %d", $post_id) );
wp_cache_add( $key, $post, "site-options", 120 );
}
@@ -737,11 +733,11 @@ function wpmu_admin_do_redirect( $url = '' ) {
if( $ref ) {
$ref = wpmu_admin_redirect_add_updated_param( $ref );
wp_redirect( $ref );
- die();
+ exit();
}
if( empty( $_SERVER['HTTP_REFERER'] ) == false ) {
wp_redirect( $_SERVER['HTTP_REFERER'] );
- die();
+ exit();
}
$url = wpmu_admin_redirect_add_updated_param( $url );
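Review bot: `wpmu_admin_do_redirect` passes `$_SERVER['HTTP_REFERER']` straight to `wp_redirect()`, and the next hunk does the same with a URL built from `$_POST['redirect']`; both values are client-controlled, so the redirect target is not restricted to this site. This commit registers `redirect_this_site` on `allowed_redirect_hosts`, which as far as I know is only consulted by `wp_safe_redirect()`, so using `wp_safe_redirect( $_SERVER['HTTP_REFERER'] );` and `wp_safe_redirect( $url );` here would apply that allow-list. Where `$ref` comes from is outside the hunk and should be checked the same way.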
@@ -753,7 +749,7 @@ function wpmu_admin_do_redirect( $url = '' ) {
$url = wpmu_admin_redirect_add_updated_param( $_POST['redirect'] );
}
wp_redirect( $url );
- die();
+ exit();
}
function wpmu_admin_redirect_add_updated_param( $url = '' ) {
@@ -891,14 +887,14 @@ function wpmu_validate_user_signup($user_name, $user_email) {
$errors->add('user_email', __("Sorry, that email address is already used!"));
// Has someone already signed up for this username?
- $signup = $wpdb->get_row("SELECT * FROM $wpdb->signups WHERE user_login = '$user_name'");
+ $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) );
if ( $signup != null ) {
$registered_at = mysql2date('U', $signup->registered);
$now = current_time( 'timestamp', true );
$diff = $now - $registered_at;
// If registered more than two days ago, cancel registration and let this signup go through.
if ( $diff > 172800 ) {
- $wpdb->query("DELETE FROM $wpdb->signups WHERE user_login = '$user_name'");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->signups WHERE user_login = %s", $user_name) );
} else {
$errors->add('user_name', __("That username is currently reserved but may be available in a couple of days."));
}
@@ -906,14 +902,12 @@ function wpmu_validate_user_signup($user_name, $user_email) {
$errors->add('user_email_used', __("username and email used"));
}
- $signup = $wpdb->get_row("SELECT * FROM $wpdb->signups WHERE user_email = '$user_email'");
+ $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_email = %s", $user_email) );
if ( $signup != null ) {
- $registered_at = mysql2date('U', $signup->registered);
- $now = current_time( 'timestamp', true );
- $diff = $now - $registered_at;
+ $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered);
// If registered more than two days ago, cancel registration and let this signup go through.
if ( $diff > 172800 ) {
- $wpdb->query("DELETE FROM $wpdb->signups WHERE user_email = '$user_email'");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->signups WHERE user_email = %s", $user_email) );
} else {
$errors->add('user_email', __("That email address has already been used. Please check your inbox for an activation email. It will become available in a couple of days if you do nothing."));
}
@@ -986,23 +980,18 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') {
}
// Has someone already signed up for this domain?
- // TODO: Check email too?
- $signup = $wpdb->get_row("SELECT * FROM $wpdb->signups WHERE domain = '$mydomain' AND path = '$path'");
+ $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE domain = %s AND path = %s", $mydomain, $path) ); // TODO: Check email too?
if ( ! empty($signup) ) {
- $registered_at = mysql2date('U', $signup->registered);
- $now = current_time( 'timestamp', true );
- $diff = $now - $registered_at;
+ $diff = current_time( 'timestamp', true ) - mysql2date('U', $signup->registered);
// If registered more than two days ago, cancel registration and let this signup go through.
if ( $diff > 172800 ) {
- $wpdb->query("DELETE FROM $wpdb->signups WHERE domain = '$mydomain' AND path = '$path'");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->signups WHERE domain = %s AND path = %s", $mydomain, $path) );
} else {
$errors->add('blogname', __("That blog is currently reserved but may be available in a couple days."));
}
}
- $result = array('domain' => $mydomain, 'path' => $path, 'blogname' => $blogname, 'blog_title' => $blog_title,
- 'errors' => $errors);
-
+ $result = array('domain' => $mydomain, 'path' => $path, 'blogname' => $blogname, 'blog_title' => $blog_title, 'errors' => $errors);
return apply_filters('wpmu_validate_blog_signup', $result);
}
@@ -1011,14 +1000,23 @@ function wpmu_validate_blog_signup($blogname, $blog_title, $user = '') {
function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = '') {
global $wpdb;
+ // Format data
$key = substr( md5( time() . rand() . $domain ), 0, 16 );
- $registered = current_time('mysql', true);
$meta = serialize($meta);
$domain = $wpdb->escape($domain);
$path = $wpdb->escape($path);
$title = $wpdb->escape($title);
- $wpdb->query( "INSERT INTO $wpdb->signups ( domain, path, title, user_login, user_email, registered, activation_key, meta )
- VALUES ( '$domain', '$path', '$title', '$user', '$user_email', '$registered', '$key', '$meta' )" );
+
+ $wpdb->insert( $wpdb->signups, array(
+ 'domain' => $domain,
+ 'path' => $path,
+ 'title' => $title,
+ 'user_login' => $user,
+ 'user_email' => $user_email,
+ 'registered' => current_time('mysql', true),
+ 'activation_key' => $key,
+ 'meta' => $meta
+ ) );
wpmu_signup_blog_notification($domain, $path, $title, $user, $user_email, $key, $meta);
}
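Review bot: `wpmu_signup_blog` still runs `$wpdb->escape()` on `$domain`, `$path` and `$title` before passing them to `$wpdb->insert()`. Assuming `insert()` escapes its values (this commit removes the manual `escape()` in `add_site_option` for that reason), these three fields are now escaped twice, and a title containing a quote would be stored with a literal backslash. The escaped copies are also what gets passed to `wpmu_signup_blog_notification`. Removing the three `$wpdb->escape()` lines would leave escaping to `insert()` alone.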
@@ -1026,14 +1024,22 @@ function wpmu_signup_blog($domain, $path, $title, $user, $user_email, $meta = ''
function wpmu_signup_user($user, $user_email, $meta = '') {
global $wpdb;
+ // Format data
$user = preg_replace( "/\s+/", '', sanitize_user( $user, true ) );
$user_email = sanitize_email( $user_email );
-
$key = substr( md5( time() . rand() . $user_email ), 0, 16 );
- $registered = current_time('mysql', true);
$meta = serialize($meta);
- $wpdb->query( "INSERT INTO $wpdb->signups ( domain, path, title, user_login, user_email, registered, activation_key, meta )
- VALUES ( '', '', '', '$user', '$user_email', '$registered', '$key', '$meta' )" );
+
+ $wpdb->insert( $wpdb->signups, array(
+ 'domain' => '',
+ 'path' => '',
+ 'title' => '',
+ 'user_login' => $user,
+ 'user_email' => $user_email,
+ 'registered' => current_time('mysql', true),
+ 'activation_key' => $key,
+ 'meta' => $meta
+ ) );
wpmu_signup_user_notification($user, $user_email, $key, $meta);
}
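Review bot: The activation key in `wpmu_signup_user` is `substr( md5( time() . rand() . $user_email ), 0, 16 )`: the timestamp and e-mail are known or guessable and `rand()` is not a cryptographic generator, yet this key is the only secret `wpmu_activate_signup` checks. Since the commit already touches these lines, consider generating the key with WordPress's own random-string helper, e.g. `$key = wp_generate_password( 16, false );` if that signature is available in this branch. The same construction is used in `wpmu_signup_blog`. A short comment that the key is a bearer secret sent by e-mail would also help.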
@@ -1043,7 +1049,7 @@ function wpmu_signup_blog_notification($domain, $path, $title, $user, $user_emai
global $current_site;
if( !apply_filters('wpmu_signup_blog_notification', $domain, $path, $title, $user, $user_email, $key, $meta) )
- return;
+ return false;
// Send email with activation link.
if( constant( "VHOST" ) == 'no' ) {
@@ -1061,13 +1067,14 @@ function wpmu_signup_blog_notification($domain, $path, $title, $user, $user_emai
// TODO: Don't hard code activation link.
$subject = '[' . $from_name . '] ' . sprintf(__('Activate %s'), clean_url('http://' . $domain . $path));
wp_mail($user_email, $subject, $message, $message_headers);
+ return true;
}
function wpmu_signup_user_notification($user, $user_email, $key, $meta = '') {
global $current_site;
if( !apply_filters('wpmu_signup_user_notification', $user, $user_email, $key, $meta) )
- return;
+ return false;
// Send email with activation link.
$admin_email = get_site_option( "admin_email" );
@@ -1079,12 +1086,13 @@ function wpmu_signup_user_notification($user, $user_email, $key, $meta = '') {
// TODO: Don't hard code activation link.
$subject = sprintf(__('Activate %s'), $user);
wp_mail($user_email, $subject, $message, $message_headers);
+ return true;
}
function wpmu_activate_signup($key) {
global $wpdb;
- $signup = $wpdb->get_row("SELECT * FROM $wpdb->signups WHERE activation_key = '$key'");
+ $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE activation_key = %s", $key) );
if ( empty($signup) )
return new WP_Error('invalid_key', __('Invalid activation key.'));
@@ -1111,7 +1119,7 @@ function wpmu_activate_signup($key) {
$now = current_time('mysql', true);
if ( empty($signup->domain) ) {
- $wpdb->query("UPDATE $wpdb->signups SET active = '1', activated = '$now' WHERE activation_key = '$key'");
+ $wpdb->update( $wpdb->signups, array('active' => 1, 'activated' => $now), array('activation_key' => $key) );
if ( isset($user_already_exists) )
return new WP_Error('user_already_exists', __('That username is already activated.'), $signup);
wpmu_welcome_user_notification($user_id, $password, $meta);
@@ -1129,13 +1137,13 @@ function wpmu_activate_signup($key) {
// setting the activation flag. Let's just set the active flag and instruct the user to reset their password.
if ( 'blog_taken' == $blog_id->get_error_code() ) {
$blog_id->add_data($signup);
- $wpdb->query("UPDATE $wpdb->signups SET active = '1', activated = '$now' WHERE activation_key = '$key'");
+ $wpdb->update( $wpdb->signups, array('active' => 1, 'activated' => $now), array('activation_key' => $key) );
}
return $blog_id;
}
- $wpdb->query("UPDATE $wpdb->signups SET active = '1', activated = '$now' WHERE activation_key = '$key'");
+ $wpdb->update( $wpdb->signups, array('active' => 1, 'activated' => $now), array('activation_key' => $key) );
wpmu_welcome_notification($blog_id, $user_id, $password, $signup->title, $meta);
@@ -1160,7 +1168,8 @@ function wpmu_create_user( $user_name, $password, $email) {
return false;
$user_id = wp_create_user( $user_name, $password, $email );
- $user = new WP_User($user_id);
+ $user = new WP_User($user_id);
+
// Newly created users have no roles or caps until they are added to a blog.
update_usermeta($user_id, 'capabilities', '');
update_usermeta($user_id, 'user_level', '');
@@ -1221,10 +1230,10 @@ function wpmu_create_blog($domain, $path, $title, $user_id, $meta = '', $site_id
return $blog_id;
}
-function newblog_notify_siteadmin( $blog_id, $user_id ) {
+function newblog_notify_siteadmin( $blog_id, $deprecated = '' ) {
global $current_site;
if( get_site_option( 'registrationnotification' ) != 'yes' )
- return;
+ return false;
$email = get_site_option( 'admin_email' );
if( is_email($email) == false )
@@ -1240,8 +1249,8 @@ Disable these notifications: %4s"), get_blog_option( $blog_id, "blogname" ), get
$msg = apply_filters( 'newblog_notify_siteadmin', $msg );
wp_mail( $email, sprintf(__("New Blog Registration: %s"), get_blog_option( $blog_id, "siteurl" )), $msg );
+ return true;
}
-add_action( "wpmu_new_blog", "newblog_notify_siteadmin", 10, 2 );
function newuser_notify_siteadmin( $user_id ) {
global $current_site;
@@ -1263,20 +1272,20 @@ Disable these notifications: %3s"), $user->user_login, $_SERVER['REMOTE_ADDR'],
wp_mail( $email, sprintf(__("New User Registration: %s"), $user->user_login), $msg );
return true;
}
-add_action( "wpmu_new_user", "newuser_notify_siteadmin" );
function domain_exists($domain, $path, $site_id = 1) {
global $wpdb;
- return $wpdb->get_var("SELECT blog_id FROM $wpdb->blogs WHERE domain = '$domain' AND path = '$path' AND site_id = '$site_id'" );
+ return $wpdb->get_var( $wpdb->prepare("SELECT blog_id FROM $wpdb->blogs WHERE domain = %s AND path = %s AND site_id = %d", $domain, $path, $site_id) );
}
function insert_blog($domain, $path, $site_id) {
global $wpdb;
+
$path = trailingslashit($path);
$site_id = (int) $site_id;
- $result = $wpdb->query( "INSERT INTO $wpdb->blogs ( blog_id, site_id, domain, path, registered ) VALUES ( NULL, '$site_id', '$domain', '$path', NOW( ))" );
- if ( !$result )
+ $wpdb->insert( $wpdb->blogs, array('site_id' => $site_id, 'domain' => $domain, 'path' => $path, 'registered' => current_time('mysql')) );
+ if ( !$wpdb->insert_id )
return false;
refresh_blog_details($wpdb->insert_id);
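Review bot: `insert_blog` now decides success from `$wpdb->insert_id` instead of the query result. If the INSERT fails and `insert_id` still holds the id of an earlier insert on the same connection (I do not believe wpdb resets it on error; please confirm), the function would carry on and call `refresh_blog_details()` for an unrelated row. Checking the call's own return value is more direct: `if ( false === $wpdb->insert( $wpdb->blogs, ... ) ) return false;`. `add_site_option` returns `$wpdb->insert_id` after its insert in the same way and has the same caveat.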
@@ -1286,12 +1295,16 @@ function insert_blog($domain, $path, $site_id) {
// Install an empty blog. wpdb should already be switched.
function install_blog($blog_id, $blog_title = '') {
global $wpdb, $table_prefix, $wp_roles;
+
+ // Cast for security
+ $blog_id = (int) $blog_id;
require_once( ABSPATH . 'wp-admin/includes/upgrade.php');
+
$wpdb->suppress_errors();
- $installed = $wpdb->get_results("SELECT * FROM $wpdb->posts");
+ if ( $wpdb->get_results("SELECT ID FROM $wpdb->posts") )
+ die(__('<h1>Already Installed</h1><p>You appear to have already installed WordPress. To reinstall please clear your old database tables first.</p>') . '</body></html>');
$wpdb->suppress_errors( false);
- if ($installed) die(__('<h1>Already Installed</h1><p>You appear to have already installed WordPress. To reinstall please clear your old database tables first.</p>') . '</body></html>');
$url = get_blogaddress_by_id($blog_id);
@@ -1300,6 +1313,7 @@ function install_blog($blog_id, $blog_title = '') {
populate_options();
populate_roles();
$wp_roles->_init();
+
// fix url.
update_option('siteurl', $url);
update_option('home', $url);
@@ -1307,31 +1321,28 @@ function install_blog($blog_id, $blog_title = '') {
update_option('upload_path', "wp-content/blogs.dir/" . $blog_id . "/files");
update_option('blogname', $blog_title);
update_option('admin_email', '');
- $wpdb->query("UPDATE $wpdb->options SET option_value = '' WHERE option_name = 'admin_email'");
+ $wpdb->update( $wpdb->options, array('option_value' => ''), array('option_name' => 'admin_email') );
// Default category
- $cat_name = $wpdb->escape(__('Uncategorized'));
- $cat_slug = sanitize_title(__('Uncategorized'));
- $wpdb->query("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES ('1', '$cat_name', '$cat_slug', '0')");
-
- $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('1', 'category', '', '0', '1')");
+ $wpdb->insert( $wpdb->terms, array('term_id' => 1, 'name' => __('Uncategorized'), 'slug' => sanitize_title(__('Uncategorized')), 'term_group' => 0) );
+ $wpdb->insert( $wpdb->term_taxonomy, array('term_id' => 1, 'taxonomy' => 'category', 'description' => '', 'parent' => 0, 'count' => 1) );
// Default link category
- $cat_name = $wpdb->escape(__('Blogroll'));
- $cat_slug = sanitize_title(__('Blogroll'));
- $blogroll_id = $wpdb->get_var( "SELECT cat_ID FROM {$wpdb->sitecategories} WHERE category_nicename = '$cat_slug'" );
+ $cat_name = __('Blogroll');
+ $cat_slug = sanitize_title($cat_name);
+
+ $blogroll_id = $wpdb->get_var( $wpdb->prepare( "SELECT cat_ID FROM {$wpdb->sitecategories} WHERE category_nicename = %s", $cat_slug ) );
if( $blogroll_id == null ) {
- $wpdb->query( "INSERT INTO " . $wpdb->sitecategories . " (cat_ID, cat_name, category_nicename, last_updated) VALUES (0, '$cat_name', '$cat_slug', NOW())" );
+ $wpdb->insert( $wpdb->sitecategories, array('cat_ID' => 0, 'cat_name' => $cat_name, 'category_nicename' => $cat_slug, 'last_updated' => current_time('mysql')) );
$blogroll_id = $wpdb->insert_id;
}
- $wpdb->query("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES ('$blogroll_id', '$cat_name', '$cat_slug', '0')");
- $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$blogroll_id', 'link_category', '', '0', '2')");
-
+ $wpdb->insert( $wpdb->terms, array('term_id' => $blogroll_id, 'name' => $cat_name, 'slug' => $cat_slug, 'term_group' => 0) );
+ $wpdb->insert( $wpdb->term_taxonomy, array('term_id' => $blogroll_id, 'taxonomy' => 'link_category', 'description' => '', 'parent' => 0, 'count' => 2) );
update_option('default_link_category', $blogroll_id);
// remove all perms
- $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE meta_key = '".$table_prefix."user_level'" );
- $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE meta_key = '".$table_prefix."capabilities'" );
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE meta_key = %s", $table_prefix.'user_level') );
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE meta_key = %s", $table_prefix.'capabilities') );
wp_cache_delete('notoptions', 'options');
wp_cache_delete('alloptions', 'options');
@@ -1344,45 +1355,86 @@ function install_blog_defaults($blog_id, $user_id) {
$wpdb->suppress_errors();
+ // Cast for security
+ $user_id = (int) $user_id;
+ $blog_id = (int) $blog_id;
+
// Default links
- $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_owner, link_rss) VALUES ('http://wordpress.com/', 'WordPress.com', 1356, '$user_id', 'http://wordpress.com/feed/');");
- $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_owner, link_rss) VALUES ('http://wordpress.org/', 'WordPress.org', 1356, '$user_id', 'http://wordpress.org/development/feed/');");
- $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 2)" );
- $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (2, 2)" );
+ $wpdb->insert( $wpdb->links, array('link_url' => 'http://wordpress.com/', 'link_name' => 'WordPress.com', 'link_category' => '1356', 'link_owner' => $user_id, 'link_rss' => 'http://wordpress.com/feed/') );
+ $wpdb->insert( $wpdb->links, array('link_url' => 'http://wordpress.org/', 'link_name' => 'WordPress.org', 'link_category' => '1356', 'link_owner' => $user_id, 'link_rss' => 'http://wordpress.org/development/feed/') );
+ $wpdb->insert( $wpdb->term_relationships, array('object_id' => 1, 'term_taxonomy_id' => 2));
+ $wpdb->insert( $wpdb->term_relationships, array('object_id' => 2, 'term_taxonomy_id' => 2));
// First post
$now = date('Y-m-d H:i:s');
$now_gmt = gmdate('Y-m-d H:i:s');
$first_post = get_site_option( 'first_post' );
- if( $first_post == false )
+ if( $first_post == false ) {
$first_post = stripslashes( __( 'Welcome to <a href="SITE_URL">SITE_NAME</a>. This is your first post. Edit or delete it, then start blogging!' ) );
-
+ }
$first_post = str_replace( "SITE_URL", clean_url("http://" . $current_site->domain . $current_site->path), $first_post );
$first_post = str_replace( "SITE_NAME", $current_site->site_name, $first_post );
- $first_post = stripslashes( $first_post );
-
- $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt, comment_count) VALUES ('".$user_id."', '$now', '$now_gmt', '".addslashes($first_post)."', '".addslashes(__('Hello world!'))."', '0', '".addslashes(__('hello-world'))."', '$now', '$now_gmt', '1')");
- $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 1)" );
+ $wpdb->insert( $wpdb->posts, array(
+ 'post_author' => $user_id,
+ 'post_date' => $now,
+ 'post_date_gmt' => $now_gmt,
+ 'post_content' => stripslashes( $first_post ),
+ 'post_excerpt' => '',
+ 'post_title' => __('Hello world!'),
+ 'post_category' => 0,
+ 'post_name' => __('hello-world'),
+ 'post_modified' => $now,
+ 'post_modified_gmt' => $now_gmt,
+ 'comment_count' => 1
+ ) );
+ $wpdb->insert( $wpdb->term_relationships, array('object_id' => 1, 'term_taxonomy_id' => 1));
update_option( "post_count", 1 );
// First page
- $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ('$user_id', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'publish', 'page', '', '', '')");
+ $wpdb->insert( $wpdb->posts, array(
+ 'post_author' => $user_id,
+ 'post_date' => $now,
+ 'post_date_gmt' => $now_gmt,
+ 'post_content' => __('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'),
+ 'post_excerpt' => '',
+ 'post_title' => __('About'),
+ 'post_category' => 0,
+ 'post_name' => __('about'),
+ 'post_modified' => $now,
+ 'post_modified_gmt' => $now_gmt,
+ 'post_status' => 'publish',
+ 'post_type' => 'page',
+ 'to_ping' => '',
+ 'pinged' => '',
+ 'post_content_filtered' => ''
+ ) );
+
// Flush rules to pick up the new page.
$wp_rewrite->init();
$wp_rewrite->flush_rules();
// Default comment
- $wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".addslashes(__('Mr WordPress'))."', '', 'http://" . $current_site->domain . $current_site->path . "', '127.0.0.1', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment.<br />To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
-
+ $wpdb->insert( $wpdb->comments, array(
+ 'comment_post_ID' => '1',
+ 'comment_author' => __('Mr WordPress'),
+ 'comment_author_email' => '',
+ 'comment_author_url' => 'http://' . $current_site->domain . $current_site->path,
+ 'comment_author_IP' => '127.0.0.1',
+ 'comment_date' => $now,
+ 'comment_date_gmt' => $now_gmt,
+ 'comment_content' => __("Hi, this is a comment.<br />To delete a comment, just log in, and view the posts' comments, there you will have the option to edit or delete them.")
+ ) );
+
$user = new WP_User($user_id);
- $wpdb->query("UPDATE $wpdb->options SET option_value = '$user->user_email' WHERE option_name = 'admin_email'");
+ $wpdb->update( $wpdb->options, array('option_value' => $user->user_email), array('option_name' => 'admin_email') );
// Remove all perms except for the login user.
- $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE user_id != '".$user_id."' AND meta_key = '".$table_prefix."user_level'" );
- $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE user_id != '".$user_id."' AND meta_key = '".$table_prefix."capabilities'" );
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id != %d AND meta_key = %s", $user_id, $table_prefix.'user_level') );
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id != %d AND meta_key = %s", $user_id, $table_prefix.'capabilities') );
+
// Delete any caps that snuck into the previously active blog. (Hardcoded to blog 1 for now.) TODO: Get previous_blog_id.
if ( !is_site_admin( $user->user_login ) && $user_id != 1 )
- $wpdb->query( "DELETE FROM ".$wpdb->usermeta." WHERE user_id = '".$user_id."' AND meta_key = '" . $wpdb->base_prefix . "1_capabilities'" );
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $wpdb->base_prefix.'1_capabilities') );
$wpdb->suppress_errors( false );
}
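Review bot: The two `post_name` values in the new `$wpdb->insert()` arrays, `__('hello-world')` and `__('about')`, are stored as slugs without `sanitize_title()`, although this commit does pass the translated category names through `sanitize_title()` before inserting them. A translation containing spaces or non-ASCII characters would be written to `post_name` unchanged. I would write `'post_name' => sanitize_title( __('hello-world') ),` and the same for `'about'`. The start of `install_blog_defaults()` is outside the hunk.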
@@ -1391,7 +1443,7 @@ function wpmu_welcome_notification($blog_id, $user_id, $password, $title, $meta
global $current_site;
if( !apply_filters('wpmu_welcome_notification', $blog_id, $user_id, $password, $title, $meta) )
- return;
+ return false;
$welcome_email = stripslashes( get_site_option( 'welcome_email' ) );
if( $welcome_email == false )
@@ -1430,13 +1482,14 @@ SITE_NAME" ) );
$current_site->site_name = "WordPress MU";
$subject = sprintf(__('New %1$s Blog: %2$s'), $current_site->site_name, $title);
wp_mail($user->user_email, $subject, $message, $message_headers);
+ return true;
}
function wpmu_welcome_user_notification($user_id, $password, $meta = '') {
global $current_site;
if( !apply_filters('wpmu_welcome_user_notification', $user_id, $password, $meta) )
- return;
+ return false;
$welcome_email = __( "Dear User,
@@ -1468,6 +1521,7 @@ SITE_NAME" );
$current_site->site_name = "WordPress MU";
$subject = sprintf(__('New %1$s User: %2$s'), $current_site->site_name, $user->user_login);
wp_mail($user->user_email, $subject, $message, $message_headers);
+ return true;
}
function get_current_site() {
@@ -1478,28 +1532,23 @@ function get_current_site() {
function get_user_id_from_string( $string ) {
global $wpdb;
if( is_email( $string ) ) {
- $user_id = $wpdb->get_var( "SELECT ID FROM {$wpdb->users} WHERE user_email = '$string'" );
+ return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM {$wpdb->users} WHERE user_email = %s", $string) );
} elseif ( is_numeric( $string ) ) {
- $user_id = $string;
- } else {
- $user_id = $wpdb->get_var( "SELECT ID FROM {$wpdb->users} WHERE user_login = '$string'" );
+ return $string;
}
-
- return $user_id;
+ return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM {$wpdb->users} WHERE user_login = %s", $string) );
}
function get_most_recent_post_of_user( $user_id ) {
global $wpdb;
- $user_id = (int) $user_id;
-
- $user_blogs = get_blogs_of_user($user_id);
+ $user_blogs = get_blogs_of_user( (int) $user_id );
$most_recent_post = array();
// Walk through each blog and get the most recent post
// published by $user_id
- foreach ( $user_blogs as $blog ) {
- $recent_post = $wpdb->get_row("SELECT ID, post_date_gmt FROM {$wpdb->base_prefix}{$blog->userblog_id}_posts WHERE post_author = '{$user_id}' AND post_type = 'post' AND post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1", ARRAY_A);
+ foreach ( (array) $user_blogs as $blog ) {
+ $recent_post = $wpdb->get_row( $wpdb->prepare("SELECT ID, post_date_gmt FROM {$wpdb->base_prefix}{$blog->userblog_id}_posts WHERE post_author = %d AND post_type = 'post' AND post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1", $user_id ), ARRAY_A);
// Make sure we found a post
if ( isset($recent_post['ID']) ) {
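Review bot: In `get_user_id_from_string()` the `is_numeric()` branch returns `$string` exactly as it was passed in, while the other two branches return an ID read from the database. `is_numeric()` also accepts values such as `1e3` or `1.5`, so a caller that compares the result to a user ID or places it in a query receives something that is not an integer. `return (int) $string;` would close that. `get_most_recent_post_of_user()` continues past the end of the hunk.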
@@ -1526,13 +1575,10 @@ function get_most_recent_post_of_user( $user_id ) {
}
/* Misc functions */
-
function fix_upload_details( $uploads ) {
$uploads['url'] = str_replace( UPLOADS, "files", $uploads['url'] );
return $uploads;
}
-add_filter( "upload_dir", "fix_upload_details" );
-
function get_dirsize($directory) {
$size = 0;
@@ -1560,9 +1606,9 @@ function get_dirsize($directory) {
}
function upload_is_user_over_quota( $echo = true ) {
- // Default space allowed is 10 MB
$spaceAllowed = get_space_allowed();
- if(empty($spaceAllowed) || !is_numeric($spaceAllowed)) $spaceAllowed = 10;
+ if(empty($spaceAllowed) || !is_numeric($spaceAllowed))
+ $spaceAllowed = 10; // Default space allowed is 10 MB
$dirName = constant( "ABSPATH" ) . constant( "UPLOADS" );
$size = get_dirsize($dirName) / 1024 / 1024;
@@ -1575,41 +1621,35 @@ function upload_is_user_over_quota( $echo = true ) {
return false;
}
}
-add_action( 'upload_files_upload', 'upload_is_user_over_quota' );
-add_action( 'upload_files_browse', 'upload_is_user_over_quota' );
-add_action( 'upload_files_browse-all', 'upload_is_user_over_quota' );
function check_upload_mimes($mimes) {
$site_exts = explode( " ", get_site_option( "upload_filetypes" ) );
- foreach ( $site_exts as $ext )
- foreach ( $mimes as $ext_pattern => $mime )
- if( strpos( $ext_pattern, $ext ) !== false )
+ foreach ( $site_exts as $ext ) {
+ foreach ( $mimes as $ext_pattern => $mime ) {
+ if( strpos( $ext_pattern, $ext ) !== false ) {
$site_mimes[$ext_pattern] = $mime;
+ }
+ }
+ }
return $site_mimes;
}
-add_filter('upload_mimes', 'check_upload_mimes');
-function update_posts_count( $post_id ) {
+function update_posts_count( $deprecated = '' ) {
global $wpdb;
- $post_id = intval( $post_id );
- $c = $wpdb->get_var( "SELECT count(*) FROM {$wpdb->posts} WHERE post_status = 'publish' and post_type='post'" );
- update_option( "post_count", $c );
+ update_option( "post_count", (int) $wpdb->get_var( "SELECT COUNT(ID) FROM {$wpdb->posts} WHERE post_status = 'publish' and post_type = 'post'" ) );
}
-add_action( "publish_post", "update_posts_count" );
function wpmu_log_new_registrations( $blog_id, $user_id ) {
global $wpdb;
- $user = new WP_User($user_id);
- $email = $wpdb->escape($user->user_email);
- $IP = preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] );
- $wpdb->query( "INSERT INTO {$wpdb->registration_log} ( email , IP , blog_id, date_registered ) VALUES ( '{$email}', '{$IP}', '{$blog_id}', NOW( ))" );
+ $user = new WP_User( (int) $user_id );
+ $wpdb->insert( $wpdb->registration_log, array('email' => $user->user_email, 'IP' => preg_replace( '/[^0-9., ]/', '',$_SERVER['REMOTE_ADDR'] ), 'blog_id' => $blog_id, 'date_registered' => current_time('mysql')) );
}
-add_action( "wpmu_new_blog" ,"wpmu_log_new_registrations", 10, 2 );
-
function fix_import_form_size( $size ) {
- if( upload_is_user_over_quota( false ) == true )
+ if( upload_is_user_over_quota( false ) == true ) {
return 0;
+ }
+
$spaceAllowed = 1024 * 1024 * get_space_allowed();
$dirName = constant( "ABSPATH" ) . constant( "UPLOADS" );
$dirsize = get_dirsize($dirName) ;
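Review bot: `check_upload_mimes()` never initialises `$site_mimes`, so when no pattern matches, the function returns an undefined variable (null) instead of an empty list; adding `$site_mimes = array();` before the outer `foreach` fixes that. The `strpos( $ext_pattern, $ext )` test is also a substring match, so a short entry in `upload_filetypes` can allow more types than the site admin listed. Comparing with `in_array( $ext, explode( '|', $ext_pattern ) )` would make the match exact. The hunk starts inside `upload_is_user_over_quota()` and ends inside `fix_import_form_size()`.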
@@ -1619,7 +1659,6 @@ function fix_import_form_size( $size ) {
return $size; // default
}
}
-add_filter( 'import_upload_size_limit', 'fix_import_form_size' );
if ( !function_exists('graceful_fail') ) :
function graceful_fail( $message ) {
@@ -1652,7 +1691,6 @@ text-align: center;
endif;
/* Delete blog */
-
class delete_blog {
function delete_blog() {
$this->reallydeleteblog = false;
@@ -1724,21 +1762,18 @@ SITE_NAME
echo "</div>";
}
}
-
$delete_blog_obj = new delete_blog();
/* Global Categories */
-
-function global_terms( $term_id, $tt_id ) {
+function global_terms( $term_id, $deprecated = '' ) {
global $wpdb;
$term_id = intval( $term_id );
- $c = $wpdb->get_row( "SELECT * FROM $wpdb->terms WHERE term_id = '$term_id'" );
-
- $global_id = $wpdb->get_var( "SELECT cat_ID FROM $wpdb->sitecategories WHERE category_nicename = '" . $wpdb->escape( $c->slug ) . "'" );
+ $c = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->terms WHERE term_id = %d", $term_id ) );
+ $global_id = $wpdb->get_var( $wpdb->prepare( "SELECT cat_ID FROM $wpdb->sitecategories WHERE category_nicename = %s", $c->slug ) );
if ( $global_id == null ) {
- $wpdb->query( "INSERT INTO $wpdb->sitecategories ( cat_name, category_nicename ) VALUES ( '" . $wpdb->escape( $c->name ) . "', '" . $wpdb->escape( $c->slug ) . "' )" );
+ $wpdb->insert( $wpdb->sitecategories, array('cat_name' => $c->name, 'category_nicename' => $c->slug) );
$global_id = $wpdb->insert_id;
}
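Review bot: `global_terms()` reads `$c->slug` and `$c->name` without checking that `get_row()` found a row. If the term is missing, the lookup runs with an empty slug and the `insert()` can create a blank `sitecategories` entry. A guard such as `if ( !$c ) return $term_id;` right after the `get_row()` call would avoid that, though the right return value depends on how callers use the result, which is not visible here. The function continues past the end of the hunk.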
@@ -1747,15 +1782,15 @@ function global_terms( $term_id, $tt_id ) {
if( get_option( 'default_category' ) == $term_id )
update_option( 'default_category', $global_id );
- $wpdb->query( "UPDATE $wpdb->terms SET term_id = '$global_id' WHERE term_id = '$term_id'" );
- $wpdb->query( "UPDATE $wpdb->term_taxonomy SET term_id = '$global_id' WHERE term_id = '$term_id'" );
- $wpdb->query( "UPDATE $wpdb->term_taxonomy SET parent = '$global_id' WHERE parent = '$term_id'" );
+
+ $wpdb->update( $wpdb->terms, array('term_id' => $global_id), array('term_id' => $term_id) );
+ $wpdb->update( $wpdb->term_taxonomy, array('term_id' => $global_id), array('term_id' => $term_id) );
+ $wpdb->update( $wpdb->term_taxonomy, array('parent' => $global_id), array('parent' => $term_id) );
clean_term_cache($term_id);
return $global_id;
}
-add_filter( 'term_id_filter', 'global_terms', 10, 2 ); // taxonomy specific filter
function choose_primary_blog() {
global $current_user;
@@ -1784,13 +1819,11 @@ function choose_primary_blog() {
</table>
<?php
}
-add_action( 'profile_personal_options', 'choose_primary_blog' );
-function redirect_this_site( $hosts ) {
+function redirect_this_site( $deprecated = '' ) {
global $current_site;
return array( $current_site->domain );
}
-add_filter( 'allowed_redirect_hosts', 'redirect_this_site' );
function upload_is_file_too_big( $upload ) {
if( is_array( $upload ) == false || defined( 'WP_IMPORTING' ) )
@@ -1801,9 +1834,8 @@ function upload_is_file_too_big( $upload ) {
return $upload;
}
-add_filter( "wp_upload_bits", "upload_is_file_too_big" );
-function safecss_filter_attr( $css, $element ) {
+function safecss_filter_attr( $css, $deprecated = '' ) {
$css = wp_kses_no_null($css);
$css = str_replace(array("\n","\r","\t"), '', $css);
$css_array = split( ';', trim( $css ) );
@@ -1832,7 +1864,7 @@ function safecss_filter_attr( $css, $element ) {
return $css;
}
-function wordpressmu_authenticate_siteadmin( $user, $password ) {
+function wordpressmu_authenticate_siteadmin( $user, $password = '' ) {
if( is_site_admin( $user->user_login ) == false && ( $primary_blog = get_usermeta( $user->user_id, "primary_blog" ) ) ) {
$details = get_blog_details( $primary_blog );
if( is_object( $details ) && $details->spam == 1 ) {
@@ -1841,14 +1873,12 @@ function wordpressmu_authenticate_siteadmin( $user, $password ) {
}
return $user;
}
-add_filter( 'wp_authenticate_user', 'wordpressmu_authenticate_siteadmin', 10, 2 );
function wordpressmu_wp_mail_from( $email ) {
if( strpos( $email, 'wordpress@' ) !== false )
$email = get_option( 'admin_email' );
return $email;
}
-add_filter( 'wp_mail_from', 'wordpressmu_wp_mail_from' );
/*
XMLRPC getUsersBlogs() for a multiblog environment
@@ -1882,14 +1912,13 @@ function attach_wpmu_xmlrpc($methods) {
$methods['blogger.getUsersBlogs'] = 'wpmu_blogger_getUsersBlogs';
return $methods;
}
-add_filter('xmlrpc_methods', 'attach_wpmu_xmlrpc');
/*
Users
*/
function promote_if_site_admin(&$user) {
if ( !is_site_admin( $user->user_login ) )
- return;
+ return false;
global $wpdb;
$level = $wpdb->prefix . 'user_level';
@@ -1897,6 +1926,7 @@ function promote_if_site_admin(&$user) {
$user->user_level = 10;
$cap_key = $wpdb->prefix . 'capabilities';
$user->{$cap_key} = array( 'administrator' => '1' );
+ return true;
}
if( is_object( $wp_object_cache ) ) {
@@ -1915,41 +1945,34 @@ function mu_locale( $locale ) {
}
return $locale;
}
-add_filter( 'locale', 'mu_locale' );
function signup_nonce_fields() {
$id = mt_rand();
echo "<input type='hidden' name='signup_form_id' value='{$id}' />";
wp_nonce_field('signup_form_' . $id, '_signup_form', false);
}
-add_action( 'signup_hidden_fields', 'signup_nonce_fields' );
function signup_nonce_check( $result ) {
if( !strpos( $_SERVER[ 'PHP_SELF' ], 'wp-signup.php' ) )
return $result;
if ( wp_create_nonce('signup_form_' . $_POST[ 'signup_form_id' ]) != $_POST['_signup_form'] )
- wp_die( 'Please try again!' );
+ wp_die( __('Please try again!') );
return $result;
}
-add_filter( 'wpmu_validate_blog_signup', 'signup_nonce_check' );
-add_filter( 'wpmu_validate_user_signup', 'signup_nonce_check' );
function maybe_redirect_404() {
- global $wpdb;
if( is_main_blog() && is_404() && defined( 'NOBLOGREDIRECT' ) && constant( 'NOBLOGREDIRECT' ) != '' ) {
- header( "Location: " . constant( 'NOBLOGREDIRECT' ) );
- die();
+ wp_redirect( constant( 'NOBLOGREDIRECT' ) );
+ exit();
}
}
-add_action( 'template_redirect', 'maybe_redirect_404' );
function remove_tinymce_media_button( $buttons ) {
unset( $buttons[ array_search( 'media', $buttons ) ] );
return $buttons;
}
-add_filter( 'mce_buttons_2', 'remove_tinymce_media_button' );
function add_existing_user_to_blog() {
if( false !== strpos( $_SERVER[ 'REQUEST_URI' ], '/newbloguser/' ) ) {
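Review bot: `signup_nonce_check()` still validates the nonce by recomputing it with `wp_create_nonce()` and comparing with `!=`, which is a loose, non-constant-time comparison and rejects a form rendered just before the nonce tick changes. `wp_verify_nonce()` accepts both valid ticks: `if ( !wp_verify_nonce( $_POST['_signup_form'], 'signup_form_' . $_POST['signup_form_id'] ) )`. Both `$_POST` keys are also read without an `isset()` check, so a request missing them should be rejected before the comparison. The hunk starts inside `mu_locale()` and ends inside `add_existing_user_to_blog()`.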
@@ -1966,5 +1989,4 @@ function add_existing_user_to_blog() {
}
}
}
-add_action( 'init', 'add_existing_user_to_blog' );
?>
diff --git a/wp-settings.php b/wp-settings.php
index ad10e47..20be69e 100644
--- a/wp-settings.php
+++ b/wp-settings.php
@@ -290,6 +290,7 @@ if ( !defined('WP_CONTENT_URL') )
define( 'WP_CONTENT_URL', get_option('siteurl') . '/wp-content'); // full url - WP_CONTENT_DIR is defined further up
require_once( ABSPATH . WPINC . '/wpmu-functions.php' );
+require (ABSPATH . WPINC . '/wpmu-default-filters.php'); // WPmu Filters
/**
* Allows for the plugins directory to be moved from the default location.