Ticket #38474: 38474.patch

File 38474.patch, 9.4 KB (added by bor0, 2 years ago)
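--- a/wp-activate.php
+++ b/wp-activate.php
@@ -81,6 +81,10 @@
                             <label for="key"><?php _e('Activation Key:') ?></label>
                             <br /><input type="text" name="key" id="key" value="" size="50" />
                         </p>
+                        <p>
+                            <label for="key"><?php _e('Signup ID:') ?></label>
+                            <br /><input type="number" name="signup_id" id="signup_id" value="" size="50" />
+                        </p>
                         <p class="submit">
                             <input id="submit" type="submit" name="Submit" class="submit" value="<?php esc_attr_e('Activate') ?>" />
                         </p>
@@ -89,7 +93,8 @@
         <?php } else {
 
                 $key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
-                $result = wpmu_activate_signup( $key );
+                $signup_id = !empty($_GET['signup_id']) ? $_GET['signup_id'] : $_POST['signup_id'];
+                $result = wpmu_activate_signup( $key, $signup_id );
                 if ( is_wp_error($result) ) {
                         if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
                                 $signup = $result->get_error_data();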
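Review bot: The added `$signup_id = … : $_POST['signup_id'];` line reads `$_POST['signup_id']` without an `isset()` guard and hands the raw request string to `wpmu_activate_signup()`; a request carrying only `key` (for example a link mailed before this change) raises an undefined-index notice here. I would normalise it once at this boundary, e.g. `$raw_id = ! empty( $_GET['signup_id'] ) ? $_GET['signup_id'] : ( isset( $_POST['signup_id'] ) ? $_POST['signup_id'] : 0 );` followed by `$signup_id = absint( $raw_id );`. In the first hunk the new label repeats `for="key"`; it should be `for="signup_id"` so it is bound to the new input. The surrounding `else` branch starts and ends outside the hunk.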
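--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@@ -153,8 +153,8 @@
                         }
                         wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) );
                         if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
-                                $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );
-                                $new_user = wpmu_activate_signup( $key );
+                                $results = $wpdb->get_results( $wpdb->prepare( "SELECT activation_key, signup_id FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );
+                                $new_user = wpmu_activate_signup( $results[0]['activation_key'], $results[0]['signup_id'] );
                                 if ( is_wp_error( $new_user ) ) {
                                         $redirect = add_query_arg( array( 'update' => 'addnoconfirmation' ), 'user-new.php' );
                                 } else {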
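Review bot: The added call passes `$results[0]['activation_key']` as the key, but with this patch that column stores the phpass hash rather than the key, so the `CheckPassword( $key, $signup->activation_key )` test in `wpmu_activate_signup()` will reject it and the `noconfirmation` path always ends in the `addnoconfirmation` redirect. `$wpdb->get_results()` also returns row objects unless `ARRAY_A` is requested, so the array-style index fails before that point, and an empty result set is not handled. The plaintext key now exists only at signup time, so this path needs it handed back by `wpmu_signup_user()` (its return value is currently unused) or captured from the `after_signup_user` action, not read from the table. For the row itself, `$signup = $wpdb->get_row( … )` with `$signup->signup_id` and an `empty( $signup )` check would be enough.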
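--- a/wp-includes/ms-default-filters.php
+++ b/wp-includes/ms-default-filters.php
@@ -26,7 +26,7 @@
 add_action( 'wpmu_new_user', 'newuser_notify_siteadmin' );
 add_action( 'wpmu_activate_user', 'add_new_user_to_blog', 10, 3 );
 add_action( 'wpmu_activate_user', 'wpmu_welcome_user_notification', 10, 3 );
-add_action( 'after_signup_user', 'wpmu_signup_user_notification', 10, 4 );
+add_action( 'after_signup_user', 'wpmu_signup_user_notification', 10, 5 );
 add_action( 'network_site_new_created_user',   'wp_send_new_user_notifications' );
 add_action( 'network_site_users_created_user', 'wp_send_new_user_notifications' );
 add_action( 'network_user_new_created_user',   'wp_send_new_user_notifications' );
@@ -37,7 +37,7 @@
 add_action( 'wpmu_new_blog', 'wpmu_log_new_registrations', 10, 2 );
 add_action( 'wpmu_new_blog', 'newblog_notify_siteadmin', 10, 2 );
 add_action( 'wpmu_activate_blog', 'wpmu_welcome_notification', 10, 5 );
-add_action( 'after_signup_site', 'wpmu_signup_blog_notification', 10, 7 );
+add_action( 'after_signup_site', 'wpmu_signup_blog_notification', 10, 8 );
 
 // Register Nonce
 add_action( 'signup_hidden_fields', 'signup_nonce_fields' );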
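--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
@@ -667,10 +667,16 @@
  * @param array  $meta       Optional. Signup meta data. By default, contains the requested privacy setting and lang_id.
  */
 function wpmu_signup_blog( $domain, $path, $title, $user, $user_email, $meta = array() )  {
-        global $wpdb;
+        global $wpdb, $wp_hasher;
 
         $key = substr( md5( time() . wp_rand() . $domain ), 0, 16 );
 
+        if ( empty( $wp_hasher ) ) {
+                $wp_hasher = new PasswordHash( 8, true );
+        }
+
+        $hashed = $wp_hasher->HashPassword( $key );
+
         $wpdb->insert( $wpdb->signups, array(
                 'domain' => $domain,
                 'path' => $path,
@@ -678,7 +684,7 @@
                 'user_login' => $user,
                 'user_email' => $user_email,
                 'registered' => current_time('mysql', true),
-                'activation_key' => $key,
+                'activation_key' => $hashed,
                 'meta' => serialize( $meta )
         ) );
 
@@ -694,8 +700,9 @@
          * @param string $user_email The user's email address.
          * @param string $key        The user's activation key.
          * @param array  $meta       Signup meta data. By default, contains the requested privacy setting and lang_id.
+         * @param int    $signup_id  Signup ID.
          */
-        do_action( 'after_signup_site', $domain, $path, $title, $user, $user_email, $key, $meta );
+        do_action( 'after_signup_site', $domain, $path, $title, $user, $user_email, $key, $meta, $wpdb->insert_id );
 }
 
 /**
@@ -713,7 +720,7 @@
  * @param array  $meta       Optional. Signup meta data. Default empty array.
  */
 function wpmu_signup_user( $user, $user_email, $meta = array() ) {
-        global $wpdb;
+        global $wpdb, $wp_hasher;
 
         // Format data
         $user = preg_replace( '/\s+/', '', sanitize_user( $user, true ) );
@@ -720,6 +727,12 @@
         $user_email = sanitize_email( $user_email );
         $key = substr( md5( time() . wp_rand() . $user_email ), 0, 16 );
 
+        if ( empty( $wp_hasher ) ) {
+                $wp_hasher = new PasswordHash( 8, true );
+        }
+
+        $hashed = $wp_hasher->HashPassword( $key );
+
         $wpdb->insert( $wpdb->signups, array(
                 'domain' => '',
                 'path' => '',
@@ -727,7 +740,7 @@
                 'user_login' => $user,
                 'user_email' => $user_email,
                 'registered' => current_time('mysql', true),
-                'activation_key' => $key,
+                'activation_key' => $hashed,
                 'meta' => serialize( $meta )
         ) );
 
@@ -740,8 +753,9 @@
          * @param string $user_email The user's email address.
          * @param string $key        The user's activation key.
          * @param array  $meta       Signup meta data. Default empty array.
+         * @param int    $signup_id  Signup ID.
          */
-        do_action( 'after_signup_user', $user, $user_email, $key, $meta );
+        do_action( 'after_signup_user', $user, $user_email, $key, $meta, $wpdb->insert_id );
 }
 
 /**
@@ -766,9 +780,10 @@
  * @param string $user_email The user's email address.
  * @param string $key        The activation key created in wpmu_signup_blog()
  * @param array  $meta       Optional. Signup meta data. By default, contains the requested privacy setting and lang_id.
+ * @param int    $signup_id  Signup ID.
  * @return bool
  */
-function wpmu_signup_blog_notification( $domain, $path, $title, $user_login, $user_email, $key, $meta = array() ) {
+function wpmu_signup_blog_notification( $domain, $path, $title, $user_login, $user_email, $key, $meta = array(), $signup_id ) {
         /**
          * Filters whether to bypass the new site email notification.
          *
@@ -788,9 +803,9 @@
 
         // Send email with activation link.
         if ( !is_subdomain_install() || get_current_network_id() != 1 )
-                $activate_url = network_site_url("wp-activate.php?key=$key");
+                $activate_url = network_site_url("wp-activate.php?key=$key&signup_id=$signup_id");
         else
-                $activate_url = "http://{$domain}{$path}wp-activate.php?key=$key"; // @todo use *_url() API
+                $activate_url = "http://{$domain}{$path}wp-activate.php?key=$key&signup_id=$signup_id"; // @todo use *_url() API
 
         $activate_url = esc_url($activate_url);
         $admin_email = get_site_option( 'admin_email' );
@@ -879,9 +894,10 @@
  * @param string $user_email The user's email address.
  * @param string $key        The activation key created in wpmu_signup_user()
  * @param array  $meta       Optional. Signup meta data. Default empty array.
+ * @param int    $signup_id  Signup ID.
  * @return bool
  */
-function wpmu_signup_user_notification( $user_login, $user_email, $key, $meta = array() ) {
+function wpmu_signup_user_notification( $user_login, $user_email, $key, $meta = array(), $signup_id ) {
         /**
          * Filters whether to bypass the email notification for new user sign-up.
          *
@@ -922,7 +938,7 @@
                         __( "To activate your user, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login." ),
                         $user_login, $user_email, $key, $meta
                 ),
-                site_url( "wp-activate.php?key=$key" )
+                site_url( "wp-activate.php?key=$key&signup_id=$signup_id" )
         );
         // TODO: Don't hard code activation link.
         $subject = sprintf(
@@ -967,15 +983,25 @@
  * @global wpdb $wpdb WordPress database abstraction object.
  *
  * @param string $key The activation key provided to the user.
+ * @param int $signup_id The Signup ID.
  * @return array|WP_Error An array containing information about the activated user and/or blog
  */
-function wpmu_activate_signup($key) {
-        global $wpdb;
+function wpmu_activate_signup( $key, $signup_id ) {
+        global $wpdb, $wp_hasher;
 
-        $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE activation_key = %s", $key) );
+        $signup = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->signups WHERE signup_id = %d", $signup_id ) );
 
-        if ( empty( $signup ) )
+        if ( empty( $signup ) ) {
+                return new WP_Error( 'invalid_id', __( 'Invalid signup ID.' ) );
+        }
+
+        if ( empty( $wp_hasher ) ) {
+                $wp_hasher = new PasswordHash( 8, true );
+        }
+
+        if ( ! $wp_hasher->CheckPassword( $key, $signup->activation_key ) ) {
                 return new WP_Error( 'invalid_key', __( 'Invalid activation key.' ) );
+        }
 
         if ( $signup->active ) {
                 if ( empty( $signup->domain ) )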
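Review bot: `wpmu_activate_signup( $key, $signup_id )` now requires the second argument and finds the row only by `signup_id`, so any existing caller or already-mailed link that carries just a key ends in `invalid_id`. Rows written before this patch also hold a plaintext `activation_key` that `CheckPassword()` will not accept, so pending signups cannot be activated without a migration or an explicit expiry. The two notification functions have the same compatibility problem: the required `$signup_id` is placed after the optional `$meta = array()`, which turns `$meta` into a required parameter in practice and breaks callers using the old arity. I would declare `$signup_id = 0` in all three signatures and document what happens to signups created before the upgrade. The body of `wpmu_activate_signup()` continues outside the hunk; any later query there that still filters on `activation_key = $key` would presumably have to switch to `signup_id` as well — please confirm.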