function commerce_checkout_update_7103 in Commerce Core 7
If the variable commerce_checkout_run_update_7103 is set, change all user names that contain @ and look like an e-mail address to prevent the disclosure of e-mail addresses to non-trusted users. Refer to the release notes for Commerce 1.10 for instructions on how to set this variable. Otherwise you are responsible for cleaning the usernames on your own.
File
- modules/
checkout/ commerce_checkout.install, line 112
Code
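/**
 * Renames user accounts whose username contains "@", 100 rows per pass.
 *
 * The update is opt-in: unless the commerce_checkout_run_update_7103 variable
 * is set, nothing is changed and a "skipped" message is returned, leaving the
 * site to deal with e-mail-like usernames itself.
 *
 * The rows selected are all {users} rows whose name matches LIKE '%@%'. That
 * is broader than "is a valid e-mail address": any username containing "@" is
 * rewritten. Rows are written with db_update() directly, not user_save().
 *
 * After the update reports completion, the result can be checked with the
 * same count query used below; it should return 0.
 *
 * @param array $sandbox
 *   Batch state kept between passes: 'progress' (rows updated so far), 'max'
 *   (matching rows counted on the first pass) and '#finished' (completion
 *   ratio, 1 when no matching rows are left).
 *
 * @return string
 *   A translated status message: either the "skipped" notice or the "cleaned"
 *   notice (the latter is returned on every pass, not only the last one).
 */
function commerce_checkout_update_7103(&$sandbox) {
  // Every site may not want to disrupt all their account usernames with this
  // update, so we require sites to set a variable explicitly to run the update.
  // Sites that do not must do their own handling of the security issue.
  if (!variable_get('commerce_checkout_run_update_7103', FALSE)) {
    return t('Skipped update 7103 because the variable commerce_checkout_run_update_7103 is not set. You must make sure usernames are not valid e-mail adresses on your own.');
  }

  // First pass only: initialise the counters used for progress reporting.
  if (!isset($sandbox['progress'])) {
    $sandbox['progress'] = 0;
    $sandbox['max'] = db_query("SELECT COUNT(*) FROM {users} WHERE name LIKE '%@%'")
      ->fetchField();
  }

  // Update 100 user names at a time. db_query_range() is used instead of a
  // literal LIMIT clause so the range is built by the database driver and the
  // query stays portable. The offset stays at 0 on every pass.
  // NOTE(review): this relies on the new name no longer containing "@"; the
  // 'mail_username' logic is not visible here. If a name kept its "@", the
  // same row would be selected again and '#finished' could reach 1 from the
  // progress counter alone while matching rows remain. Confirm against
  // commerce_order_get_properties().
  $names = db_query_range("SELECT uid, name FROM {users} WHERE name LIKE '%@%'", 0, 100)
    ->fetchAllKeyed();

  // A throwaway object that only carries the mail property handed to
  // commerce_order_get_properties() for the 'mail_username' lookup.
  $order = new stdClass();

  foreach ($names as $uid => $name) {
    $order->mail = $name;
    $new_name = commerce_order_get_properties($order, array(), 'mail_username');

    db_update('users')
      ->fields(array(
        'name' => $new_name,
      ))
      ->condition('uid', $uid)
      ->execute();

    $sandbox['progress']++;
  }

  // An empty batch means no matching rows are left, so the update is done.
  $sandbox['#finished'] = empty($names) ? 1 : $sandbox['progress'] / $sandbox['max'];

  return t('Usernames resembling e-mail addresses have been cleaned.');
}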