Ticket #38474: 38474.patch
File 38474.patch, 9.4 KB (added by , 8 years ago) |
---|
-
wp-activate.php
81 81 <label for="key"><?php _e('Activation Key:') ?></label> 82 82 <br /><input type="text" name="key" id="key" value="" size="50" /> 83 83 </p> 84 <p> 85 <label for="key"><?php _e('Signup ID:') ?></label> 86 <br /><input type="number" name="signup_id" id="signup_id" value="" size="50" /> 87 </p> 84 88 <p class="submit"> 85 89 <input id="submit" type="submit" name="Submit" class="submit" value="<?php esc_attr_e('Activate') ?>" /> 86 90 </p> … … 89 93 <?php } else { 90 94 91 95 $key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key']; 92 $result = wpmu_activate_signup( $key ); 96 $signup_id = !empty($_GET['signup_id']) ? $_GET['signup_id'] : $_POST['signup_id']; 97 $result = wpmu_activate_signup( $key, $signup_id ); 93 98 if ( is_wp_error($result) ) { 94 99 if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) { 95 100 $signup = $result->get_error_data(); -
wp-admin/user-new.php
153 153 } 154 154 wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) ); 155 155 if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) { 156 $ key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_keyFROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );157 $new_user = wpmu_activate_signup( $ key);156 $results = $wpdb->get_results( $wpdb->prepare( "SELECT activation_key, signup_id FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) ); 157 $new_user = wpmu_activate_signup( $results[0]['activation_key'], $results[0]['signup_id'] ); 158 158 if ( is_wp_error( $new_user ) ) { 159 159 $redirect = add_query_arg( array( 'update' => 'addnoconfirmation' ), 'user-new.php' ); 160 160 } else { -
wp-includes/ms-default-filters.php
26 26 add_action( 'wpmu_new_user', 'newuser_notify_siteadmin' ); 27 27 add_action( 'wpmu_activate_user', 'add_new_user_to_blog', 10, 3 ); 28 28 add_action( 'wpmu_activate_user', 'wpmu_welcome_user_notification', 10, 3 ); 29 add_action( 'after_signup_user', 'wpmu_signup_user_notification', 10, 4);29 add_action( 'after_signup_user', 'wpmu_signup_user_notification', 10, 5 ); 30 30 add_action( 'network_site_new_created_user', 'wp_send_new_user_notifications' ); 31 31 add_action( 'network_site_users_created_user', 'wp_send_new_user_notifications' ); 32 32 add_action( 'network_user_new_created_user', 'wp_send_new_user_notifications' ); … … 37 37 add_action( 'wpmu_new_blog', 'wpmu_log_new_registrations', 10, 2 ); 38 38 add_action( 'wpmu_new_blog', 'newblog_notify_siteadmin', 10, 2 ); 39 39 add_action( 'wpmu_activate_blog', 'wpmu_welcome_notification', 10, 5 ); 40 add_action( 'after_signup_site', 'wpmu_signup_blog_notification', 10, 7);40 add_action( 'after_signup_site', 'wpmu_signup_blog_notification', 10, 8 ); 41 41 42 42 // Register Nonce 43 43 add_action( 'signup_hidden_fields', 'signup_nonce_fields' ); -
wp-includes/ms-functions.php
667 667 * @param array $meta Optional. Signup meta data. By default, contains the requested privacy setting and lang_id. 668 668 */ 669 669 function wpmu_signup_blog( $domain, $path, $title, $user, $user_email, $meta = array() ) { 670 global $wpdb ;670 global $wpdb, $wp_hasher; 671 671 672 672 $key = substr( md5( time() . wp_rand() . $domain ), 0, 16 ); 673 673 674 if ( empty( $wp_hasher ) ) { 675 $wp_hasher = new PasswordHash( 8, true ); 676 } 677 678 $hashed = $wp_hasher->HashPassword( $key ); 679 674 680 $wpdb->insert( $wpdb->signups, array( 675 681 'domain' => $domain, 676 682 'path' => $path, … … 678 684 'user_login' => $user, 679 685 'user_email' => $user_email, 680 686 'registered' => current_time('mysql', true), 681 'activation_key' => $ key,687 'activation_key' => $hashed, 682 688 'meta' => serialize( $meta ) 683 689 ) ); 684 690 … … 694 700 * @param string $user_email The user's email address. 695 701 * @param string $key The user's activation key. 696 702 * @param array $meta Signup meta data. By default, contains the requested privacy setting and lang_id. 703 * @param int $signup_id Signup ID. 697 704 */ 698 do_action( 'after_signup_site', $domain, $path, $title, $user, $user_email, $key, $meta );705 do_action( 'after_signup_site', $domain, $path, $title, $user, $user_email, $key, $meta, $wpdb->insert_id ); 699 706 } 700 707 701 708 /** … … 713 720 * @param array $meta Optional. Signup meta data. Default empty array. 714 721 */ 715 722 function wpmu_signup_user( $user, $user_email, $meta = array() ) { 716 global $wpdb ;723 global $wpdb, $wp_hasher; 717 724 718 725 // Format data 719 726 $user = preg_replace( '/\s+/', '', sanitize_user( $user, true ) ); … … 720 727 $user_email = sanitize_email( $user_email ); 721 728 $key = substr( md5( time() . wp_rand() . $user_email ), 0, 16 ); 722 729 730 if ( empty( $wp_hasher ) ) { 731 $wp_hasher = new PasswordHash( 8, true ); 732 } 733 734 $hashed = $wp_hasher->HashPassword( $key ); 735 723 736 $wpdb->insert( $wpdb->signups, array( 724 737 'domain' => '', 725 738 'path' => '', … … 727 740 'user_login' => $user, 728 741 'user_email' => $user_email, 729 742 'registered' => current_time('mysql', true), 730 'activation_key' => $ key,743 'activation_key' => $hashed, 731 744 'meta' => serialize( $meta ) 732 745 ) ); 733 746 … … 740 753 * @param string $user_email The user's email address. 741 754 * @param string $key The user's activation key. 742 755 * @param array $meta Signup meta data. Default empty array. 756 * @param int $signup_id Signup ID. 743 757 */ 744 do_action( 'after_signup_user', $user, $user_email, $key, $meta );758 do_action( 'after_signup_user', $user, $user_email, $key, $meta, $wpdb->insert_id ); 745 759 } 746 760 747 761 /** … … 766 780 * @param string $user_email The user's email address. 767 781 * @param string $key The activation key created in wpmu_signup_blog() 768 782 * @param array $meta Optional. Signup meta data. By default, contains the requested privacy setting and lang_id. 783 * @param int $signup_id Signup ID. 769 784 * @return bool 770 785 */ 771 function wpmu_signup_blog_notification( $domain, $path, $title, $user_login, $user_email, $key, $meta = array() ) {786 function wpmu_signup_blog_notification( $domain, $path, $title, $user_login, $user_email, $key, $meta = array(), $signup_id ) { 772 787 /** 773 788 * Filters whether to bypass the new site email notification. 774 789 * … … 788 803 789 804 // Send email with activation link. 790 805 if ( !is_subdomain_install() || get_current_network_id() != 1 ) 791 $activate_url = network_site_url("wp-activate.php?key=$key ");806 $activate_url = network_site_url("wp-activate.php?key=$key&signup_id=$signup_id"); 792 807 else 793 $activate_url = "http://{$domain}{$path}wp-activate.php?key=$key "; // @todo use *_url() API808 $activate_url = "http://{$domain}{$path}wp-activate.php?key=$key&signup_id=$signup_id"; // @todo use *_url() API 794 809 795 810 $activate_url = esc_url($activate_url); 796 811 $admin_email = get_site_option( 'admin_email' ); … … 879 894 * @param string $user_email The user's email address. 880 895 * @param string $key The activation key created in wpmu_signup_user() 881 896 * @param array $meta Optional. Signup meta data. Default empty array. 897 * @param int $signup_id Signup ID. 882 898 * @return bool 883 899 */ 884 function wpmu_signup_user_notification( $user_login, $user_email, $key, $meta = array() ) {900 function wpmu_signup_user_notification( $user_login, $user_email, $key, $meta = array(), $signup_id ) { 885 901 /** 886 902 * Filters whether to bypass the email notification for new user sign-up. 887 903 * … … 922 938 __( "To activate your user, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login." ), 923 939 $user_login, $user_email, $key, $meta 924 940 ), 925 site_url( "wp-activate.php?key=$key " )941 site_url( "wp-activate.php?key=$key&signup_id=$signup_id" ) 926 942 ); 927 943 // TODO: Don't hard code activation link. 928 944 $subject = sprintf( … … 967 983 * @global wpdb $wpdb WordPress database abstraction object. 968 984 * 969 985 * @param string $key The activation key provided to the user. 986 * @param int $signup_id The Signup ID. 970 987 * @return array|WP_Error An array containing information about the activated user and/or blog 971 988 */ 972 function wpmu_activate_signup( $key) {973 global $wpdb ;989 function wpmu_activate_signup( $key, $signup_id ) { 990 global $wpdb, $wp_hasher; 974 991 975 $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE activation_key = %s", $key) );992 $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE signup_id = %d", $signup_id ) ); 976 993 977 if ( empty( $signup ) ) 994 if ( empty( $signup ) ) { 995 return new WP_Error( 'invalid_id', __( 'Invalid signup ID.' ) ); 996 } 997 998 if ( empty( $wp_hasher ) ) { 999 $wp_hasher = new PasswordHash( 8, true ); 1000 } 1001 1002 if ( ! $wp_hasher->CheckPassword( $key, $signup->activation_key ) ) { 978 1003 return new WP_Error( 'invalid_key', __( 'Invalid activation key.' ) ); 1004 } 979 1005 980 1006 if ( $signup->active ) { 981 1007 if ( empty( $signup->domain ) )