WordPress.org

Make WordPress Core

Ticket #16470: 16470.2.patch

File 16470.2.patch, 11.1 KB (added by johnbillion, 18 months ago)
  • src/wp-admin/includes/admin-filters.php

    diff --git src/wp-admin/includes/admin-filters.php src/wp-admin/includes/admin-filters.php
    index 141e8aa..97768dd 100644
    add_action( 'admin_notices', 'default_password_nag' ); 
    102102
    103103add_action( 'profile_update', 'default_password_nag_edit_user', 10, 2 );
    104104
     105add_action( 'personal_options_update', 'send_confirmation_on_profile_email' );
     106
    105107// Update hooks.
    106108add_action( 'load-plugins.php', 'wp_plugin_update_rows', 20 ); // After wp_update_plugins() is called.
    107109add_action( 'load-themes.php', 'wp_theme_update_rows', 20 ); // After wp_update_themes() is called.
  • src/wp-admin/includes/ms-admin-filters.php

    diff --git src/wp-admin/includes/ms-admin-filters.php src/wp-admin/includes/ms-admin-filters.php
    index fb4f678..3c6cc00 100644
    add_action( 'admin_page_access_denied', '_access_denied_splash', 99 ); 
    1818
    1919add_action( 'add_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );
    2020
    21 add_action( 'personal_options_update', 'send_confirmation_on_profile_email' );
    22 
    2321add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );
    2422
    2523// Site Hooks.
  • src/wp-admin/includes/ms.php

    diff --git src/wp-admin/includes/ms.php src/wp-admin/includes/ms.php
    index 0edc308..83632d6 100644
    All at ###SITENAME### 
    326326}
    327327
    328328/**
    329  * Sends an email when an email address change is requested.
    330  *
    331  * @since 3.0.0
    332  *
    333  * @global WP_Error $errors WP_Error object.
    334  * @global wpdb     $wpdb   WordPress database object.
    335  */
    336 function send_confirmation_on_profile_email() {
    337         global $errors, $wpdb;
    338         $current_user = wp_get_current_user();
    339         if ( ! is_object($errors) )
    340                 $errors = new WP_Error();
    341 
    342         if ( $current_user->ID != $_POST['user_id'] )
    343                 return false;
    344 
    345         if ( $current_user->user_email != $_POST['email'] ) {
    346                 if ( !is_email( $_POST['email'] ) ) {
    347                         $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address isn&#8217;t correct." ), array( 'form-field' => 'email' ) );
    348                         return;
    349                 }
    350 
    351                 if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) {
    352                         $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address is already used." ), array( 'form-field' => 'email' ) );
    353                         delete_user_meta( $current_user->ID, '_new_email' );
    354                         return;
    355                 }
    356 
    357                 $hash = md5( $_POST['email'] . time() . mt_rand() );
    358                 $new_user_email = array(
    359                         'hash' => $hash,
    360                         'newemail' => $_POST['email']
    361                 );
    362                 update_user_meta( $current_user->ID, '_new_email', $new_user_email );
    363 
    364                 $switched_locale = switch_to_locale( get_user_locale() );
    365 
    366                 /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
    367                 $email_text = __( 'Howdy ###USERNAME###,
    368 
    369 You recently requested to have the email address on your account changed.
    370 
    371 If this is correct, please click on the following link to change it:
    372 ###ADMIN_URL###
    373 
    374 You can safely ignore and delete this email if you do not want to
    375 take this action.
    376 
    377 This email has been sent to ###EMAIL###
    378 
    379 Regards,
    380 All at ###SITENAME###
    381 ###SITEURL###' );
    382 
    383                 /**
    384                  * Filters the email text sent when a user changes emails.
    385                  *
    386                  * The following strings have a special meaning and will get replaced dynamically:
    387                  * ###USERNAME###  The current user's username.
    388                  * ###ADMIN_URL### The link to click on to confirm the email change.
    389                  * ###EMAIL###     The new email.
    390                  * ###SITENAME###  The name of the site.
    391                  * ###SITEURL###   The URL to the site.
    392                  *
    393                  * @since MU
    394                  *
    395                  * @param string $email_text     Text in the email.
    396                  * @param string $new_user_email New user email that the current user has changed to.
    397                  */
    398                 $content = apply_filters( 'new_user_email_content', $email_text, $new_user_email );
    399 
    400                 $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
    401                 $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
    402                 $content = str_replace( '###EMAIL###', $_POST['email'], $content);
    403                 $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
    404                 $content = str_replace( '###SITEURL###', network_home_url(), $content );
    405 
    406                 wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
    407                 $_POST['email'] = $current_user->user_email;
    408 
    409                 if ( $switched_locale ) {
    410                         restore_previous_locale();
    411                 }
    412         }
    413 }
    414 
    415 /**
    416  * Adds an admin notice alerting the user to check for confirmation email
    417  * after email address change.
    418  *
    419  * @since 3.0.0
    420  *
    421  * @global string $pagenow
    422  */
    423 function new_user_email_admin_notice() {
    424         global $pagenow;
    425         if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) {
    426                 /* translators: %s: New email address */
    427                 echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>';
    428         }
    429 }
    430 
    431 /**
    432329 * Check whether a site has used its allotted upload space.
    433330 *
    434331 * @since MU
  • src/wp-admin/user-edit.php

    diff --git src/wp-admin/user-edit.php src/wp-admin/user-edit.php
    index 2222ae2..2fb5a3b 100644
    if ( is_multisite() 
    8282}
    8383
    8484// Execute confirmed email change. See send_confirmation_on_profile_email().
    85 if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
     85if ( IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
    8686        $new_email = get_user_meta( $current_user->ID, '_new_email', true );
    8787        if ( $new_email && hash_equals( $new_email[ 'hash' ], $_GET[ 'newuseremail' ] ) ) {
    8888                $user = new stdClass;
    8989                $user->ID = $current_user->ID;
    9090                $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
    91                 if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
     91                if ( is_multisite() && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
    9292                        $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
    9393                }
    9494                wp_update_user( $user );
    if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $c 
    9898        } else {
    9999                wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) );
    100100        }
    101 } elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
     101} elseif ( IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
    102102        check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' );
    103103        delete_user_meta( $current_user->ID, '_new_email' );
    104104        wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
  • src/wp-includes/user.php

    diff --git src/wp-includes/user.php src/wp-includes/user.php
    index 6f5dae6..9802f00 100644
    function _wp_get_current_user() { 
    25312531
    25322532        return $current_user;
    25332533}
     2534
     2535/**
     2536 * Sends an email when an email address change is requested.
     2537 *
     2538 * @since 3.0.0
     2539 *
     2540 * @global WP_Error $errors WP_Error object.
     2541 * @global wpdb     $wpdb   WordPress database object.
     2542 */
     2543function send_confirmation_on_profile_email() {
     2544        global $errors, $wpdb;
     2545
     2546        $current_user = wp_get_current_user();
     2547        if ( ! is_object( $errors ) ) {
     2548                $errors = new WP_Error();
     2549        }
     2550
     2551        if ( $current_user->ID != $_POST['user_id'] ) {
     2552                return false;
     2553        }
     2554
     2555        if ( $current_user->user_email != $_POST['email'] ) {
     2556                if ( ! is_email( $_POST['email'] ) ) {
     2557                        $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address isn&#8217;t correct." ), array( 'form-field' => 'email' ) );
     2558
     2559                        return;
     2560                }
     2561
     2562                if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) {
     2563                        $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address is already used." ), array( 'form-field' => 'email' ) );
     2564                        delete_user_meta( $current_user->ID, '_new_email' );
     2565
     2566                        return;
     2567                }
     2568
     2569                $hash           = md5( $_POST['email'] . time() . mt_rand() );
     2570                $new_user_email = array(
     2571                        'hash'     => $hash,
     2572                        'newemail' => $_POST['email']
     2573                );
     2574                update_user_meta( $current_user->ID, '_new_email', $new_user_email );
     2575
     2576                /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
     2577                $email_text = __( 'Howdy ###USERNAME###,
     2578
     2579You recently requested to have the email address on your account changed.
     2580
     2581If this is correct, please click on the following link to change it:
     2582###ADMIN_URL###
     2583
     2584You can safely ignore and delete this email if you do not want to
     2585take this action.
     2586
     2587This email has been sent to ###EMAIL###
     2588
     2589Regards,
     2590All at ###SITENAME###
     2591###SITEURL###' );
     2592
     2593                /**
     2594                 * Filters the email text sent when a user changes emails.
     2595                 *
     2596                 * The following strings have a special meaning and will get replaced dynamically:
     2597                 * ###USERNAME###  The current user's username.
     2598                 * ###ADMIN_URL### The link to click on to confirm the email change.
     2599                 * ###EMAIL###     The new email.
     2600                 * ###SITENAME###  The name of the site.
     2601                 * ###SITEURL###   The URL to the site.
     2602                 *
     2603                 * @since MU
     2604                 *
     2605                 * @param string $email_text     Text in the email.
     2606                 * @param string $new_user_email New user email that the current user has changed to.
     2607                 */
     2608                $content = apply_filters( 'new_user_email_content', $email_text, $new_user_email );
     2609
     2610                $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
     2611                $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
     2612                $content = str_replace( '###EMAIL###', $_POST['email'], $content );
     2613                $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
     2614                $content = str_replace( '###SITEURL###', network_home_url(), $content );
     2615
     2616                wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
     2617                $_POST['email'] = $current_user->user_email;
     2618        }
     2619}
     2620
     2621/**
     2622 * Adds an admin notice alerting the user to check for confirmation email
     2623 * after email address change.
     2624 *
     2625 * @since 3.0.0
     2626 *
     2627 * @global string $pagenow
     2628 */
     2629function new_user_email_admin_notice() {
     2630        global $pagenow;
     2631        if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) {
     2632                /* translators: %s: New email address */
     2633                echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>';
     2634        }
     2635}