Timestamp:
06/29/2018 08:57:02 PM (8 years ago)
Author:
obenland
Message:

Main: phpcs updates

File:
1 edited

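--- a/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/inc/privacy-functions.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-main/inc/privacy-functions.php
@@ -2,40 +2,49 @@
 /**
  * Functions for the Privacy Tools - Exports and Erasures.
+ *
+ * @package WordPressdotorg\MainTheme
  */
+
+// phpcs:disable WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.VIP.ValidatedSanitizedInput
+
 namespace WordPressdotorg\MainTheme;
+
 use WordPressdotorg\GDPR\Main as GDPR_Main;
 
+/**
+ * Processes privacy requests.
+ *
+ * @param string $type Type of request.
+ *
+ * @return array
+ */
 function privacy_process_request( $type ) {
-    $email = $error_message = $success = false;
-    $nonce_action = 'request_' . $type;
+    $email         = false;
+    $error_message = false;
+    $success       = false;
+    $nonce_action  = 'request_' . $type;
 
-    if ( empty( $_POST['email'] ) || ! $type || ! in_array( $type, [ 'erase', 'export' ] ) ) {
+    if ( empty( $_POST['email'] ) || ! $type || ! in_array( $type, [ 'erase', 'export' ], true ) ) {
         return compact( 'email', 'error_message', 'success', 'nonce_action' );
     }
 
-    $email = trim( wp_unslash( $_POST['email'] ) );
-
-    $requesting_user = false;
-    if ( is_user_logged_in() ) {
-        $requesting_user = wp_get_current_user()->user_login;
-    }
+    // phpcs:ignore WordPress.CSRF.NonceVerification.NoNonceVerification
+    $email           = trim( wp_unslash( $_POST['email'] ) );
+    $requesting_user = is_user_logged_in() ? wp_get_current_user()->user_login : false;
+    $email_user      = get_user_by( 'email', $email );
 
     // Currently only enabled for special accounts.
-    if ( 'export' === $type && ( ! is_user_logged_in() || ! wporg_user_has_restricted_password() ) ) {
+    if ( 'export' === $type && ( ! is_user_logged_in() || ! function_exists( 'wporg_user_has_restricted_password' ) || ! wporg_user_has_restricted_password() ) ) {
         $error_message = 'This form is currently unavailable.';
-    } else
-
-    if ( ! reCAPTCHA\check_status() ) {
+    } elseif ( ! reCAPTCHA\check_status() ) {
         $error_message = esc_html__( 'Your form session has expired. Please try again.', 'wporg' );
     } elseif (
         is_user_logged_in() &&
-        ! wp_verify_nonce( $_POST['_wpnonce'], $nonce_action )
+        ! wp_verify_nonce( wp_unslash( $_POST['_wpnonce'] ), $nonce_action )
     ) {
         $error_message = esc_html__( 'Your form session has expired. Please try again.', 'wporg' );
-
     } elseif (
         // Check if a user account exists for this email before processing.
-        false != ( $email_user = get_user_by( 'email', $email ) ) &&
-        $email_user->user_login !== $requesting_user
+        false !== $email_user && $email_user->user_login !== $requesting_user
     ) {
         if ( is_user_logged_in() ) {
@@ -52,9 +61,8 @@
             );
         }
-
     } else {
-        if ( 'export' == $type ) {
+        if ( 'export' === $type ) {
             $api_method = 'create-data-export-request';
-        } elseif ( 'erase' == $type ) {
+        } elseif ( 'erase' === $type ) {
             $api_method = 'create-account-erasure-request';
         }
@@ -73,13 +81,13 @@
             $error_message = $api_request->get_error_message();
 
-            if ( 'duplicate_request' == $api_request->get_error_code() ) {
+            if ( 'duplicate_request' === $api_request->get_error_code() ) {
                 // TODO This should never have to be displayed to an end user. See API for details.
                 $error_message = esc_html__( 'A request for this email address already exists. Please check your spam folder for your confirmation email.', 'wporg' );
 
-            } elseif ( 'invalid_identifier' == $api_request->get_error_code() ) {
+            } elseif ( 'invalid_identifier' === $api_request->get_error_code() ) {
                 $error_message = esc_html__( 'The provided email was invalid. Please check the address and try again.', 'wporg' );
 
             }
-        } elseif ( !empty( $api_request['created'] ) ) {
+        } elseif ( ! empty( $api_request['created'] ) ) {
             $success = true;
         }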
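Review bot: The file-wide `// phpcs:disable WordPress.VIP.SuperGlobalInputUsage.AccessDetected, WordPress.VIP.ValidatedSanitizedInput` on new line 8 silences the input-validation sniffs for every current and future `$_POST` read in this file, not only the two in `privacy_process_request()`; per-line `// phpcs:ignore` comments with a short reason would keep each suppression auditable. The `// phpcs:ignore WordPress.CSRF.NonceVerification.NoNonceVerification` on new line 31 would likewise benefit from a stated reason, for example `// Nonce is verified below for logged-in users; logged-out requests are gated by reCAPTCHA.`, because the chain calls `wp_verify_nonce()` only when `is_user_logged_in()` is true. Separately, hoisting `get_user_by( 'email', $email )` to new line 34 means the user lookup now runs before `reCAPTCHA\check_status()` and the nonce check instead of after them; the result is only consumed in the later `elseif`, so this looks harmless, but keeping the lookup behind those gates would avoid a user query for requests that are going to be rejected anyway. The function body continues outside the visible hunks.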