Commons 1.13.6

I’ve just released version 1.13.6 of the CUNY Academic Commons. This maintenance release, which is also a major theme/plugin update release, contains some performance improvements for certain scheduled tasks, as well as some streamlining of the way that data is handled during aborted account registrations.

For complete details, visit the 1.13.6 milestone.

Commons 1.12.0

I’ve just released version 1.12.0 of the CUNY Academic Commons. Twice each year – once in the spring, and once in the fall – the Commons team prepares a “major” release, which generally includes some new features or large overhauls to existing functionality. Version 1.12.0 is our major release for Fall 2017.

Here’s a brief overview of the major improvements in 1.12:

  • The registration process has seen a substantial streamlining and redesign. Notable changes include the elimination of many profile fields from the registration page #8637, the addition of an improved avatar upload form #8639, and a new “progress” UI for newly registering members #8640.
  • When participating in group forums via email (“Reply by email”), it is now possible to attach files to the email. As long as these files meet our general size and filetype restrictions, they’ll be added as attachments to the forum post #8386.
  • Groups on the Commons are now automatically provided with URLs. Group administrators who would like to customize the automatically-generated URL can request a new one on the group’s Manage panel #6241.
  • We’ve made some under-the-hood improvements to the way that uploaded files on non-public Commons sites are protected. First, we removed a layer of protection for public sites that have no need to hide uploaded images, etc; this change means significant performance improvements, especially on image-heavy pages like the Media Library. Second, we added additional tools that ensure that files uploaded to non-public sites cannot be accessed by guessing their non-public URLs #7997.

For complete details, visit the 1.12 milestone.

A small programming note. We generally do minor releases on the 1st, 11th, and 21st of each month. Because November 1 is only two days from now, I’ve slated 1.12.1 for November 11. This means there will be no release on November 1, unless there is some sort of urgent issue that must be fixed earlier.

Commons 1.9.32

I’ve just released version 1.9.32 of the CUNY Academic Commons. This maintenance release – the last in our 1.9.x series! – includes the following fixes:

  • Suppress some unneeded admin notices
  • Migrate to new ZenDesk help API
  • Fix incorrect URL concatenation on registration page when visiting over HTTPS
  • Remove outdated text from registration page

For complete details, visit the 1.9.32 milestone.

Commons 1.8.1

I’ve just released version 1.8.1 of the CUNY Academic Commons. This maintenance release resolves a number of issues related to last month’s 1.8 release, including:

  • Fixed some bugs related to the way SSL URLs are generated when creating/editing events
  • Improved formatting for event venue archive pages
  • Improved language regarding username character restrictions during registration
  • Fixed incorrect “Cancel” link when editing a BuddyPress Docs item

For complete details, see the 1.8.1 milestone.

Commons 1.6.16

I’ve just released version 1.6.16 of the CUNY Academic Commons. This maintenance release features a security fix related to the Social plugin, and restrictions to the registration process to prevent certain undergraduate accounts.

Due to a logistical problem, there will be no major update release this month. A major update release will take place on October 21, with updates announced on October 5.

For complete details on the release, visit the 1.6.16 milestone.

Wildcard email whitelists in WordPress and BuddyPress

WordPress (and before that WPMU) has long had a feature that allows admins to set a whitelist of email domains for registration (Limited Email Registration). On the Commons, we need to account for a lot of different domains, some of which are actually dynamic – but they are all of the form * WP doesn’t support this kind of wildcards, but we’ve got it working through a series of customizations.

These first two functions form the heart of the process. The first one hooks to the end of the BP registration process, looks for email domain errors, and then sends the request to the second function, which does some regex to check against the wildcard domains you’ve specified. This is BP-specific, but I think you could make it work with WPMS just by changing the hook name.

function cac_signup_email_filter( $result ) {
	global $limited_email_domains;

	if ( !is_array( $limited_email_domains ) )
		$limited_email_domains = get_site_option( 'limited_email_domains' );
	$valid_email_domain_check = cac_wildcard_email_domain_check( $result['user_email'] );	
	if( $valid_email_domain_check ) {
		if ( isset( $result['errors']->errors['user_email'] ) )
			unset( $result['errors']->errors['user_email'] );
	return $result;
add_filter( 'bp_core_validate_user_signup', 'cac_signup_email_filter', 8 );

function cac_wildcard_email_domain_check( $user_email ) {
	global $limited_email_domains;
	if ( !is_array( $limited_email_domains ) )
		$limited_email_domains = get_site_option( 'limited_email_domains' );

	if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) { 
		$valid_email_domain_check = false;
		$emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
		foreach ($limited_email_domains as $limited_email_domain) {
			$limited_email_domain = str_replace( '.', '\.', $limited_email_domain);        // Escape your .s
			$limited_email_domain = str_replace('*', '[-_\.a-zA-Z0-9]+', $limited_email_domain);     // replace * with REGEX for 1+ occurrence of anything
			$limited_email_domain = "/^" . $limited_email_domain . "/";   // bracket the email with the necessary pattern markings
			$valid_email_domain_check = ( $valid_email_domain_check or preg_match( $limited_email_domain, $emaildomain ) );

	return $valid_email_domain_check;

Before WP 3.0, this was enough to make it work. The latest WP does increased sanitization on the input of the limited_email_domains field, however, which makes it reject lines like * The following functions add an additional field to the ms-options.php panel that saves the limited domains without doing WP’s core checks. (Beware: bypassing WP’s checks like this means that there are no safeguards in place for well-formedness. Be careful about what you type in the field, or strange things may happen.)

function cac_save_limited_email_domains() {
	if ( $_POST['cac_limited_email_domains'] != '' ) {
		$limited_email_domains = str_replace( ' ', "\n", $_POST['cac_limited_email_domains'] );
		$limited_email_domains = split( "\n", stripslashes( $limited_email_domains ) );
		$limited_email = array();
		foreach ( (array) $limited_email_domains as $domain ) {
				$domain = trim( $domain );
			//if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
				$limited_email[] = trim( $domain );
		update_site_option( 'limited_email_domains', $limited_email );
	} else {
		update_site_option( 'limited_email_domains', '' );
add_action( 'update_wpmu_options', 'cac_save_limited_email_domains' );

function cac_limited_email_domains_markup() {
	<h3><?php _e( 'Limited Email Domains That Actually Work' ); ?></h3>
	<table class="form-table">
	<tr valign="top">
		<th scope="row"><label for="cac_limited_email_domains"><?php _e( 'Limited Email Registrations' ) ?></label></th>
			<?php $limited_email_domains = get_site_option( 'limited_email_domains' );
			$limited_email_domains = str_replace( ' ', "\n", $limited_email_domains ); ?>
			<textarea name="cac_limited_email_domains" id="limited_email_domains" cols="45" rows="5">< ?php echo wp_htmledit_pre( $limited_email_domains == '' ? '' : implode( "\n", (array) $limited_email_domains ) ); ?>
			<br />
			<?php _e( 'If you want to limit site registrations to certain domains. One domain per line.' ) ?>
add_action( 'wpmu_options', 'cac_limited_email_domains_markup' );