WordPress.org

Making WordPress.org

Changeset 5633


Ignore:
Timestamp:
07/08/2017 03:59:58 PM (3 years ago)
Author:
SergeyBiryukov
Message:

Support Forums: Allow keymasters and moderators to change user's email address without requiring a confirmation.

Fixes #1985.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-moderators.php

    r5632 r5633  
    2020        // Allow keymasters and moderators to edit users.
    2121        add_filter( 'bbp_map_primary_meta_caps',        array( $this, 'map_meta_caps' ), 10, 4 );
     22        add_action( 'bbp_post_request',                 array( $this, 'edit_user_handler' ), 0 );
    2223
    2324        // Append 'view=all' to forum, topic, and reply URLs in moderator views.
     
    174175
    175176        return $caps;
     177    }
     178
     179    /**
     180     * Allow keymasters and moderators to change user's email address
     181     * without requiring a confirmation.
     182     *
     183     * @param string $action The requested action.
     184     */
     185    function edit_user_handler( $action = '' ) {
     186        if ( 'bbp-update-user' !== $action || is_admin() || bbp_is_user_home_edit() ) {
     187            return;
     188        }
     189
     190        $user_id = bbp_get_displayed_user_id();
     191
     192        if ( ! bbp_verify_nonce_request( 'update-user_' . $user_id ) ) {
     193            return;
     194        }
     195
     196        if ( ! current_user_can( 'edit_user', $user_id ) || empty( $_POST['email'] ) ) {
     197            return;
     198        }
     199
     200        $user_email = bbp_get_displayed_user_field( 'user_email', 'raw' );
     201        $new_email  = sanitize_text_field( wp_unslash( $_POST['email'] ) );
     202
     203        if ( $user_email !== $new_email ) {
     204            // Bail if the email address is invalid or already in use.
     205            if ( ! is_email( $new_email ) || email_exists( $new_email ) ) {
     206                return;
     207            }
     208
     209            // Set the displayed user's email to the new address
     210            // so `bbp_edit_user_handler()` does not attempt to update it,
     211            // `edit_user()` will handle that instead.
     212            bbpress()->displayed_user->user_email = $new_email;
     213
     214            add_filter( 'send_email_change_email', '__return_false' );
     215        }
    176216    }
    177217
Note: See TracChangeset for help on using the changeset viewer.