Ticket #38474: 38474.2.patch
File 38474.2.patch, 10.8 KB (added by , 7 years ago) |
---|
-
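--- a/wp-activate.php
+++ b/wp-activate.php
@@ -81,6 +81,10 @@
 <label for="key"><?php _e('Activation Key:') ?></label>
 <br /><input type="text" name="key" id="key" value="" size="50" />
 </p>
+<p>
+<label for="key"><?php _e( 'Signup ID:' ) ?></label>
+<br /><input type="number" name="signup_id" id="signup_id" value="" size="50" />
+</p>
 <p class="submit">
 <input id="submit" type="submit" name="Submit" class="submit" value="<?php esc_attr_e('Activate') ?>" />
 </p>
@@ -88,8 +92,9 @@
 
 <?php } else {
 
-$key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
-$result = wpmu_activate_signup( $key );
+$key = ! empty( $_GET['key'] ) ? $_GET['key'] : $_POST['key'];
+$signup_id = ! empty( $_GET['signup_id'] ) ? $_GET['signup_id'] : $_POST['signup_id'];
+$result = wpmu_activate_signup( $key, $signup_id );
 if ( is_wp_error($result) ) {
 if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
 $signup = $result->get_error_data();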
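Review bot: The new `$signup_id` assignment falls back to `$_POST['signup_id']` unconditionally, so a request that carries only `key` (for example an activation link mailed before this change) raises an undefined-index notice and passes a null, unvalidated value to `wpmu_activate_signup()`. Since this is request input that must be an integer, I would normalise it at the boundary: `$signup_id = ! empty( $_GET['signup_id'] ) ? absint( $_GET['signup_id'] ) : ( isset( $_POST['signup_id'] ) ? absint( $_POST['signup_id'] ) : 0 );`. Separately, the added Signup ID label repeats `for="key"`; it should be `for="signup_id"` so it is bound to the new input. The `else` branch continues outside the hunk.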
wp-admin/user-new.php
158 158 } 159 159 wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => get_current_blog_id(), 'new_role' => $_REQUEST['role'] ) ); 160 160 if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) { 161 $ key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_keyFROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );162 $new_user = wpmu_activate_signup( $ key);161 $row = $wpdb->get_row( $wpdb->prepare( "SELECT activation_key, signup_id FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) ); 162 $new_user = wpmu_activate_signup( $row['activation_key'], $row['signup_id'] ); 163 163 if ( is_wp_error( $new_user ) ) { 164 164 $redirect = add_query_arg( array( 'update' => 'addnoconfirmation' ), 'user-new.php' ); 165 165 } elseif ( ! is_user_member_of_blog( $new_user['user_id'] ) ) { -
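Review bot: `$wpdb->get_row()` returns an object unless an output type such as `ARRAY_A` is passed, so `$row['activation_key']` and `$row['signup_id']` on the new line 162 fail at runtime; use `$row->activation_key` / `$row->signup_id` (or pass `ARRAY_A`) and handle a null `$row`. More importantly, this patch makes `wpmu_signup_user()` store the hashed key in `activation_key`, and `wpmu_activate_signup()` now returns the `expired_key` error when `$key === $signup->activation_key`, so passing the stored column value here appears to make the no-confirmation path always fail. This caller needs the plaintext key handed back from the signup step, or a separate capability-checked activation path keyed on `signup_id`, rather than re-reading the hash from the table. The enclosing block starts and ends outside the hunk.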
wp-includes/ms-default-filters.php
26 26 add_action( 'wpmu_new_user', 'newuser_notify_siteadmin' ); 27 27 add_action( 'wpmu_activate_user', 'add_new_user_to_blog', 10, 3 ); 28 28 add_action( 'wpmu_activate_user', 'wpmu_welcome_user_notification', 10, 3 ); 29 add_action( 'after_signup_user', 'wpmu_signup_user_notification', 10, 4);29 add_action( 'after_signup_user', 'wpmu_signup_user_notification', 10, 5 ); 30 30 add_action( 'network_site_new_created_user', 'wp_send_new_user_notifications' ); 31 31 add_action( 'network_site_users_created_user', 'wp_send_new_user_notifications' ); 32 32 add_action( 'network_user_new_created_user', 'wp_send_new_user_notifications' ); … … 40 40 add_action( 'wpmu_new_blog', 'wpmu_log_new_registrations', 10, 2 ); 41 41 add_action( 'wpmu_new_blog', 'newblog_notify_siteadmin', 10, 2 ); 42 42 add_action( 'wpmu_activate_blog', 'wpmu_welcome_notification', 10, 5 ); 43 add_action( 'after_signup_site', 'wpmu_signup_blog_notification', 10, 7);43 add_action( 'after_signup_site', 'wpmu_signup_blog_notification', 10, 8 ); 44 44 45 45 // Register Nonce 46 46 add_action( 'signup_hidden_fields', 'signup_nonce_fields' ); -
wp-includes/ms-functions.php
704 704 * @param array $meta Optional. Signup meta data. By default, contains the requested privacy setting and lang_id. 705 705 */ 706 706 function wpmu_signup_blog( $domain, $path, $title, $user, $user_email, $meta = array() ) { 707 global $wpdb ;707 global $wpdb, $wp_hasher; 708 708 709 709 $key = substr( md5( time() . wp_rand() . $domain ), 0, 16 ); 710 710 711 if ( empty( $wp_hasher ) ) { 712 $wp_hasher = new PasswordHash( 8, true ); 713 } 714 715 $hashed = $wp_hasher->HashPassword( $key ); 716 711 717 /** 712 718 * Filters the metadata for a site signup. 713 719 * … … 722 728 * @param string $user The user's requested login name. 723 729 * @param string $user_email The user's email address. 724 730 * @param string $key The user's activation key. 731 * @param string $hashed The user's hashed activation key. 725 732 */ 726 $meta = apply_filters( 'signup_site_meta', $meta, $domain, $path, $title, $user, $user_email, $key );733 $meta = apply_filters( 'signup_site_meta', $meta, $domain, $path, $title, $user, $user_email, $key, $hashed ); 727 734 728 735 $wpdb->insert( $wpdb->signups, array( 729 736 'domain' => $domain, … … 732 739 'user_login' => $user, 733 740 'user_email' => $user_email, 734 741 'registered' => current_time('mysql', true), 735 'activation_key' => $ key,742 'activation_key' => $hashed, 736 743 'meta' => serialize( $meta ) 737 744 ) ); 738 745 … … 748 755 * @param string $user_email The user's email address. 749 756 * @param string $key The user's activation key. 750 757 * @param array $meta Signup meta data. By default, contains the requested privacy setting and lang_id. 758 * @param int $signup_id Signup ID. 759 * @param string $hashed The user's hashed activation key. 
751 760 */ 752 do_action( 'after_signup_site', $domain, $path, $title, $user, $user_email, $key, $meta );761 do_action( 'after_signup_site', $domain, $path, $title, $user, $user_email, $key, $meta, $wpdb->insert_id, $hashed ); 753 762 } 754 763 755 764 /** … … 767 776 * @param array $meta Optional. Signup meta data. Default empty array. 768 777 */ 769 778 function wpmu_signup_user( $user, $user_email, $meta = array() ) { 770 global $wpdb ;779 global $wpdb, $wp_hasher; 771 780 772 781 // Format data 773 782 $user = preg_replace( '/\s+/', '', sanitize_user( $user, true ) ); … … 774 783 $user_email = sanitize_email( $user_email ); 775 784 $key = substr( md5( time() . wp_rand() . $user_email ), 0, 16 ); 776 785 786 if ( empty( $wp_hasher ) ) { 787 $wp_hasher = new PasswordHash( 8, true ); 788 } 789 790 $hashed = $wp_hasher->HashPassword( $key ); 791 777 792 /** 778 793 * Filters the metadata for a user signup. 779 794 * … … 785 800 * @param string $user The user's requested login name. 786 801 * @param string $user_email The user's email address. 787 802 * @param string $key The user's activation key. 803 * @param string $hashed The user's hashed activation key. 788 804 */ 789 $meta = apply_filters( 'signup_user_meta', $meta, $user, $user_email, $key );805 $meta = apply_filters( 'signup_user_meta', $meta, $user, $user_email, $key, $hashed ); 790 806 791 807 $wpdb->insert( $wpdb->signups, array( 792 808 'domain' => '', … … 795 811 'user_login' => $user, 796 812 'user_email' => $user_email, 797 813 'registered' => current_time('mysql', true), 798 'activation_key' => $ key,814 'activation_key' => $hashed, 799 815 'meta' => serialize( $meta ) 800 816 ) ); 801 817 … … 808 824 * @param string $user_email The user's email address. 809 825 * @param string $key The user's activation key. 810 826 * @param array $meta Signup meta data. Default empty array. 827 * @param int $signup_id Signup ID. 828 * @param string $hashed The user's hashed activation key. 
811 829 */ 812 do_action( 'after_signup_user', $user, $user_email, $key, $meta );830 do_action( 'after_signup_user', $user, $user_email, $key, $meta, $wpdb->insert_id, $hashed ); 813 831 } 814 832 815 833 /** … … 835 853 * @param string $user_email The user's email address. 836 854 * @param string $key The activation key created in wpmu_signup_blog() 837 855 * @param array $meta Optional. Signup meta data. By default, contains the requested privacy setting and lang_id. 856 * @param int $signup_id Signup ID. 838 857 * @return bool 839 858 */ 840 function wpmu_signup_blog_notification( $domain, $path, $title, $user_login, $user_email, $key, $meta = array() ) {859 function wpmu_signup_blog_notification( $domain, $path, $title, $user_login, $user_email, $key, $meta = array(), $signup_id ) { 841 860 /** 842 861 * Filters whether to bypass the new site email notification. 843 862 * … … 857 876 858 877 // Send email with activation link. 859 878 if ( !is_subdomain_install() || get_current_network_id() != 1 ) 860 $activate_url = network_site_url( "wp-activate.php?key=$key");879 $activate_url = network_site_url( "wp-activate.php?key=$key&signup_id=$signup_id" ); 861 880 else 862 $activate_url = "http://{$domain}{$path}wp-activate.php?key=$key "; // @todo use *_url() API881 $activate_url = "http://{$domain}{$path}wp-activate.php?key=$key&signup_id=$signup_id"; // @todo use *_url() API 863 882 864 883 $activate_url = esc_url($activate_url); 865 884 $admin_email = get_site_option( 'admin_email' ); … … 949 968 * @param string $user_email The user's email address. 950 969 * @param string $key The activation key created in wpmu_signup_user() 951 970 * @param array $meta Optional. Signup meta data. Default empty array. 971 * @param int $signup_id Signup ID. 
952 972 * @return bool 953 973 */ 954 function wpmu_signup_user_notification( $user_login, $user_email, $key, $meta = array() ) {974 function wpmu_signup_user_notification( $user_login, $user_email, $key, $meta = array(), $signup_id ) { 955 975 /** 956 976 * Filters whether to bypass the email notification for new user sign-up. 957 977 * … … 992 1012 __( "To activate your user, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login." ), 993 1013 $user_login, $user_email, $key, $meta 994 1014 ), 995 site_url( "wp-activate.php?key=$key " )1015 site_url( "wp-activate.php?key=$key&signup_id=$signup_id" ) 996 1016 ); 997 1017 // TODO: Don't hard code activation link. 998 1018 $subject = sprintf( … … 1037 1057 * @global wpdb $wpdb WordPress database abstraction object. 1038 1058 * 1039 1059 * @param string $key The activation key provided to the user. 1060 * @param int $signup_id The Signup ID. 1040 1061 * @return array|WP_Error An array containing information about the activated user and/or blog 1041 1062 */ 1042 function wpmu_activate_signup( $key) {1043 global $wpdb ;1063 function wpmu_activate_signup( $key, $signup_id ) { 1064 global $wpdb, $wp_hasher; 1044 1065 1045 $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE activation_key = %s", $key) );1066 $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE activation_key = %s OR signup_id = %d", $key, $signup_id ) ); 1046 1067 1047 if ( empty( $signup ) ) 1068 if ( empty( $signup ) ) { 1069 return new WP_Error( 'invalid_id', __( 'Invalid signup ID.' ) ); 1070 } 1071 1072 if ( empty( $wp_hasher ) ) { 1073 $wp_hasher = new PasswordHash( 8, true ); 1074 } 1075 1076 if ( $key === $signup->activation_key ) { 1077 return new WP_Error( 'expired_key', __( 'Invalid key' ) ); 1078 } 1079 1080 if ( ! 
$wp_hasher->CheckPassword( $key, $signup->activation_key ) ) { 1048 1081 return new WP_Error( 'invalid_key', __( 'Invalid activation key.' ) ); 1082 } 1049 1083 1050 1084 if ( $signup->active ) { 1051 1085 if ( empty( $signup->domain ) )