Changeset 7246
- Timestamp:
- 03/08/2022 05:32:48 AM (3 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/2.6/src/includes/users/functions.php
r7097 r7246 955 955 * 956 956 * @since 2.1.0 bbPress (r3813) 957 * @since 2.6.10 bbPress (r7244) Switched from direct query to get_user_by() 957 958 */ 958 959 function bbp_user_maybe_convert_pass() { 959 960 960 // Sanitize username961 $ username= ! empty( $_POST['log'] )962 ? sanitize_user( $_POST['log'])961 // Sanitize login 962 $login = ! empty( $_POST['log'] ) 963 ? sanitize_user( wp_unslash( $_POST['log'] ) ) 963 964 : ''; 964 965 965 // Bail if no username 966 if ( empty( $username ) ) { 967 return; 968 } 969 970 // Bail if no user password to convert 971 $bbp_db = bbp_db(); 972 $query = $bbp_db->prepare( "SELECT * FROM {$bbp_db->users} INNER JOIN {$bbp_db->usermeta} ON user_id = ID WHERE meta_key = %s AND user_login = %s LIMIT 1", '_bbp_class', $username ); 973 $row = $bbp_db->get_row( $query ); 974 if ( empty( $row ) || is_wp_error( $row ) ) { 966 // Sanitize password 967 $pass = ! empty( $_POST['pwd'] ) 968 ? trim( $_POST['pwd'] ) 969 : ''; 970 971 // Bail if no username or password 972 if ( empty( $login ) || empty( $pass ) ) { 973 return; 974 } 975 976 // Get user by login... 977 $user = get_user_by( 'login', $login ); 978 979 // ...or get user by email 980 if ( empty( $user ) && strpos( $login, '@' ) ) { 981 $user = get_user_by( 'email', $login ); 982 } 983 984 // Bail if no user 985 if ( empty( $user ) ) { 986 return; 987 } 988 989 // Get converter class from usermeta 990 $class = get_user_meta( $user->ID, '_bbp_class', true ); 991 992 // Bail if no converter class in meta 993 if ( empty( $class ) || ! is_string( $class ) ) { 975 994 return; 976 995 } … … 979 998 bbp_setup_converter(); 980 999 981 // Try to convert the old password for this user 982 $converter = bbp_new_converter( $row->meta_value ); 983 984 // Try to call the conversion method 1000 // Try to instantiate the converter class 1001 $converter = bbp_new_converter( $class ); 1002 1003 // Bail if no converter 1004 if ( empty( $converter ) ) { 1005 return; 1006 } 1007 1008 // Try to call the password conversion callback method 985 1009 if ( ( $converter instanceof BBP_Converter_Base ) && method_exists( $converter, 'callback_pass' ) ) { 986 $converter->callback_pass( $ username, $_POST['pwd']);987 } 988 } 1010 $converter->callback_pass( $login, $pass ); 1011 } 1012 }
Note: See TracChangeset
for help on using the changeset viewer.