WordPress.org

Make WordPress Core

Ticket #39118: 39118.2.diff

File 39118.2.diff, 17.0 KB (added by johnbillion, 6 months ago)
  • src/wp-admin/includes/admin-filters.php

    diff --git src/wp-admin/includes/admin-filters.php src/wp-admin/includes/admin-filters.php
    index 240474949c..7f94480d02 100644
    add_action( 'update_option_siteurl', 'update_home_siteurl', 10, 2 ); 
    5656add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 ); 
    5757add_action( 'update_option_admin_email',   'wp_site_admin_email_change_notification', 10, 3 ); 
    5858 
     59add_action( 'add_option_new_admin_email',    'update_option_new_admin_email', 10, 2 ); 
     60add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); 
     61 
    5962add_filter( 'heartbeat_received', 'wp_check_locked_posts',  10,  3 ); 
    6063add_filter( 'heartbeat_received', 'wp_refresh_post_lock',   10,  3 ); 
    6164add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10,  3 ); 
  • src/wp-admin/includes/misc.php

    diff --git src/wp-admin/includes/misc.php src/wp-admin/includes/misc.php
    index 679b9ac5d6..d5ba04dfe3 100644
    function wp_page_reload_on_back_button_js() { 
    936936        </script> 
    937937        <?php 
    938938} 
     939 
     940/** 
     941 * Send a confirmation request email when a change of site admin email address is attempted. 
     942 * 
     943 * The new site admin address will not become active until confirmed. 
     944 * 
     945 * @since 3.0.0 
     946 * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific. 
     947 * 
     948 * @param string $old_value The old site admin email address. 
     949 * @param string $value     The proposed new site admin email address. 
     950 */ 
     951function update_option_new_admin_email( $old_value, $value ) { 
     952        if ( $value == get_option( 'admin_email' ) || !is_email( $value ) ) { 
     953                return; 
     954        } 
     955 
     956        $hash = md5( $value . time() . mt_rand() ); 
     957        $new_admin_email = array( 
     958                'hash'     => $hash, 
     959                'newemail' => $value, 
     960        ); 
     961        update_option( 'adminhash', $new_admin_email ); 
     962 
     963        $switched_locale = switch_to_locale( get_user_locale() ); 
     964 
     965        /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ 
     966        $email_text = __( 'Howdy ###USERNAME###, 
     967 
     968You recently requested to have the administration email address on 
     969your site changed. 
     970 
     971If this is correct, please click on the following link to change it: 
     972###ADMIN_URL### 
     973 
     974You can safely ignore and delete this email if you do not want to 
     975take this action. 
     976 
     977This email has been sent to ###EMAIL### 
     978 
     979Regards, 
     980All at ###SITENAME### 
     981###SITEURL###' ); 
     982 
     983        /** 
     984         * Filters the text of the email sent when a change of site admin email address is attempted. 
     985         * 
     986         * The following strings have a special meaning and will get replaced dynamically: 
     987         * ###USERNAME###  The current user's username. 
     988         * ###ADMIN_URL### The link to click on to confirm the email change. 
     989         * ###EMAIL###     The proposed new site admin email address. 
     990         * ###SITENAME###  The name of the site. 
     991         * ###SITEURL###   The URL to the site. 
     992         * 
     993         * @since MU (3.0.0) 
     994         * @since 4.9.0 This filter is no longer Multisite specific. 
     995         * 
     996         * @param string $email_text      Text in the email. 
     997         * @param array  $new_admin_email { 
     998         *     Data relating to the new site admin email address. 
     999         * 
     1000         *     @type string $hash     The secure hash used in the confirmation link URL. 
     1001         *     @type string $newemail The proposed new site admin email address. 
     1002         * } 
     1003         */ 
     1004        $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email ); 
     1005 
     1006        $current_user = wp_get_current_user(); 
     1007        $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); 
     1008        $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash='.$hash ) ), $content ); 
     1009        $content = str_replace( '###EMAIL###', $value, $content ); 
     1010        $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content ); 
     1011        $content = str_replace( '###SITEURL###', network_home_url(), $content ); 
     1012 
     1013        wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content ); 
     1014 
     1015        if ( $switched_locale ) { 
     1016                restore_previous_locale(); 
     1017        } 
     1018} 
  • src/wp-admin/includes/ms-admin-filters.php

    diff --git src/wp-admin/includes/ms-admin-filters.php src/wp-admin/includes/ms-admin-filters.php
    index 20dc77e7c2..c96b3f42e6 100644
    add_action( 'user_admin_notices', 'new_user_email_admin_notice' ); 
    1515 
    1616add_action( 'admin_page_access_denied', '_access_denied_splash', 99 ); 
    1717 
    18 add_action( 'add_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); 
    19  
    20 add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); 
    21  
    2218// Site Hooks. 
    2319add_action( 'wpmueditblogaction', 'upload_space_setting' ); 
    2420 
  • src/wp-admin/includes/ms.php

    diff --git src/wp-admin/includes/ms.php src/wp-admin/includes/ms.php
    index 83bcd1bbc3..b50f1ebf64 100644
    function wpmu_delete_user( $id ) { 
    266266} 
    267267 
    268268/** 
    269  * Send a confirmation request email when a change of site admin email address is attempted. 
    270  * 
    271  * The new site admin address will not become active until confirmed. 
    272  * 
    273  * @since 3.0.0 
    274  * 
    275  * @param string $old_value The old site admin email address. 
    276  * @param string $value     The proposed new site admin email address. 
    277  */ 
    278 function update_option_new_admin_email( $old_value, $value ) { 
    279         if ( $value == get_option( 'admin_email' ) || !is_email( $value ) ) 
    280                 return; 
    281  
    282         $hash = md5( $value. time() .mt_rand() ); 
    283         $new_admin_email = array( 
    284                 'hash' => $hash, 
    285                 'newemail' => $value 
    286         ); 
    287         update_option( 'adminhash', $new_admin_email ); 
    288  
    289         $switched_locale = switch_to_locale( get_user_locale() ); 
    290  
    291         /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ 
    292         $email_text = __( 'Howdy ###USERNAME###, 
    293  
    294 You recently requested to have the administration email address on 
    295 your site changed. 
    296  
    297 If this is correct, please click on the following link to change it: 
    298 ###ADMIN_URL### 
    299  
    300 You can safely ignore and delete this email if you do not want to 
    301 take this action. 
    302  
    303 This email has been sent to ###EMAIL### 
    304  
    305 Regards, 
    306 All at ###SITENAME### 
    307 ###SITEURL###' ); 
    308  
    309         /** 
    310          * Filters the text of the email sent when a change of site admin email address is attempted. 
    311          * 
    312          * The following strings have a special meaning and will get replaced dynamically: 
    313          * ###USERNAME###  The current user's username. 
    314          * ###ADMIN_URL### The link to click on to confirm the email change. 
    315          * ###EMAIL###     The proposed new site admin email address. 
    316          * ###SITENAME###  The name of the site. 
    317          * ###SITEURL###   The URL to the site. 
    318          * 
    319          * @since MU (3.0.0) 
    320          * 
    321          * @param string $email_text      Text in the email. 
    322          * @param array  $new_admin_email { 
    323          *     Data relating to the new site admin email address. 
    324          * 
    325          *     @type string $hash     The secure hash used in the confirmation link URL. 
    326          *     @type string $newemail The proposed new site admin email address. 
    327          * } 
    328          */ 
    329         $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email ); 
    330  
    331         $current_user = wp_get_current_user(); 
    332         $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); 
    333         $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash='.$hash ) ), $content ); 
    334         $content = str_replace( '###EMAIL###', $value, $content ); 
    335         $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content ); 
    336         $content = str_replace( '###SITEURL###', network_home_url(), $content ); 
    337  
    338         wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content ); 
    339  
    340         if ( $switched_locale ) { 
    341                 restore_previous_locale(); 
    342         } 
    343 } 
    344  
    345 /** 
    346269 * Check whether a site has used its allotted upload space. 
    347270 * 
    348271 * @since MU (3.0.0) 
  • src/wp-admin/options-general.php

    diff --git src/wp-admin/options-general.php src/wp-admin/options-general.php
    index 834f02733a..0fcdde3518 100644
    include( ABSPATH . 'wp-admin/admin-header.php' ); 
    5656<?php settings_fields('general'); ?> 
    5757 
    5858<table class="form-table"> 
     59 
    5960<tr> 
    6061<th scope="row"><label for="blogname"><?php _e('Site Title') ?></label></th> 
    6162<td><input name="blogname" type="text" id="blogname" value="<?php form_option('blogname'); ?>" class="regular-text" /></td> 
    6263</tr> 
     64 
    6365<tr> 
    6466<th scope="row"><label for="blogdescription"><?php _e('Tagline') ?></label></th> 
    6567<td><input name="blogdescription" type="text" id="blogdescription" aria-describedby="tagline-description" value="<?php form_option('blogdescription'); ?>" class="regular-text" /> 
    6668<p class="description" id="tagline-description"><?php _e( 'In a few words, explain what this site is about.' ) ?></p></td> 
    6769</tr> 
     70 
    6871<?php if ( !is_multisite() ) { ?> 
     72 
    6973<tr> 
    7074<th scope="row"><label for="siteurl"><?php _e('WordPress Address (URL)') ?></label></th> 
    7175<td><input name="siteurl" type="url" id="siteurl" value="<?php form_option( 'siteurl' ); ?>"<?php disabled( defined( 'WP_SITEURL' ) ); ?> class="regular-text code<?php if ( defined( 'WP_SITEURL' ) ) echo ' disabled' ?>" /></td> 
    7276</tr> 
     77 
    7378<tr> 
    7479<th scope="row"><label for="home"><?php _e('Site Address (URL)') ?></label></th> 
    7580<td><input name="home" type="url" id="home" aria-describedby="home-description" value="<?php form_option( 'home' ); ?>"<?php disabled( defined( 'WP_HOME' ) ); ?> class="regular-text code<?php if ( defined( 'WP_HOME' ) ) echo ' disabled' ?>" /> 
    include( ABSPATH . 'wp-admin/admin-header.php' ); 
    7782<p class="description" id="home-description"><?php _e( 'Enter the address here if you <a href="https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory">want your site home page to be different from your WordPress installation directory.</a>' ); ?></p></td> 
    7883<?php endif; ?> 
    7984</tr> 
     85 
     86<?php } ?> 
     87 
    8088<tr> 
    81 <th scope="row"><label for="admin_email"><?php _e('Email Address') ?> </label></th> 
    82 <td><input name="admin_email" type="email" id="admin_email" aria-describedby="admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" /> 
    83 <p class="description" id="admin-email-description"><?php _e( 'This address is used for admin purposes, like new user notification.' ) ?></p></td> 
     89<th scope="row"><label for="new_admin_email"><?php _e( 'Email Address' ); ?></label></th> 
     90<td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" /> 
     91<p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ); ?></p> 
     92<?php 
     93$new_admin_email = get_option( 'new_admin_email' ); 
     94if ( $new_admin_email && $new_admin_email != get_option( 'admin_email' ) ) : ?> 
     95        <div class="updated inline"> 
     96        <p><?php 
     97                printf( 
     98                        /* translators: %s: new admin email */ 
     99                        __( 'There is a pending change of the admin email to %s.' ), 
     100                        '<code>' . esc_html( $new_admin_email ) . '</code>' 
     101                ); 
     102                printf( 
     103                        ' <a href="%1$s">%2$s</a>', 
     104                        esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . '-new_admin_email' ) ), 
     105                        __( 'Cancel' ) 
     106                ); 
     107        ?></p> 
     108        </div> 
     109<?php endif; ?> 
     110</td> 
    84111</tr> 
     112 
     113<?php if ( ! is_multisite() ) { ?> 
     114 
    85115<tr> 
    86116<th scope="row"><?php _e('Membership') ?></th> 
    87117<td> <fieldset><legend class="screen-reader-text"><span><?php _e('Membership') ?></span></legend><label for="users_can_register"> 
    include( ABSPATH . 'wp-admin/admin-header.php' ); 
    89119<?php _e('Anyone can register') ?></label> 
    90120</fieldset></td> 
    91121</tr> 
     122 
    92123<tr> 
    93124<th scope="row"><label for="default_role"><?php _e('New User Default Role') ?></label></th> 
    94125<td> 
    95126<select name="default_role" id="default_role"><?php wp_dropdown_roles( get_option('default_role') ); ?></select> 
    96127</td> 
    97128</tr> 
    98 <?php } else { ?> 
    99 <tr> 
    100 <th scope="row"><label for="new_admin_email"><?php _e('Email Address') ?> </label></th> 
    101 <td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" /> 
    102 <p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ) ?></p> 
    103 <?php 
    104 $new_admin_email = get_option( 'new_admin_email' ); 
    105 if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?> 
    106 <div class="updated inline"> 
    107 <p><?php 
    108         printf( 
    109                 /* translators: %s: new admin email */ 
    110                 __( 'There is a pending change of the admin email to %s.' ), 
    111                 '<code>' . esc_html( $new_admin_email ) . '</code>' 
    112         ); 
    113         printf( 
    114                 ' <a href="%1$s">%2$s</a>', 
    115                 esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . '-new_admin_email' ) ), 
    116                 __( 'Cancel' ) 
    117         ); 
    118 ?></p> 
    119 </div> 
    120 <?php endif; ?> 
    121 </td> 
    122 </tr> 
     129 
    123130<?php } 
    124131 
    125132$languages = get_available_languages(); 
  • src/wp-admin/options.php

    diff --git src/wp-admin/options.php src/wp-admin/options.php
    index d2e1c0374f..e11ffee9d5 100644
    if ( ! current_user_can( $capability ) ) { 
    5353} 
    5454 
    5555// Handle admin email change requests 
    56 if ( is_multisite() ) { 
    57         if ( ! empty($_GET[ 'adminhash' ] ) ) { 
    58                 $new_admin_details = get_option( 'adminhash' ); 
    59                 $redirect = 'options-general.php?updated=false'; 
    60                 if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && !empty($new_admin_details[ 'newemail' ]) ) { 
    61                         update_option( 'admin_email', $new_admin_details[ 'newemail' ] ); 
    62                         delete_option( 'adminhash' ); 
    63                         delete_option( 'new_admin_email' ); 
    64                         $redirect = 'options-general.php?updated=true'; 
    65                 } 
    66                 wp_redirect( admin_url( $redirect ) ); 
    67                 exit; 
    68         } elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) { 
    69                 check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' ); 
     56if ( ! empty( $_GET[ 'adminhash' ] ) ) { 
     57        $new_admin_details = get_option( 'adminhash' ); 
     58        $redirect = 'options-general.php?updated=false'; 
     59        if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && ! empty( $new_admin_details[ 'newemail' ] ) ) { 
     60                update_option( 'admin_email', $new_admin_details[ 'newemail' ] ); 
    7061                delete_option( 'adminhash' ); 
    7162                delete_option( 'new_admin_email' ); 
    72                 wp_redirect( admin_url( 'options-general.php?updated=true' ) ); 
    73                 exit; 
     63                $redirect = 'options-general.php?updated=true'; 
    7464        } 
     65        wp_redirect( admin_url( $redirect ) ); 
     66        exit; 
     67} elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) { 
     68        check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' ); 
     69        delete_option( 'adminhash' ); 
     70        delete_option( 'new_admin_email' ); 
     71        wp_redirect( admin_url( 'options-general.php?updated=true' ) ); 
     72        exit; 
    7573} 
    7674 
    7775if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update' != $action ) { 
    if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update 
    8381} 
    8482 
    8583$whitelist_options = array( 
    86         'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG' ), 
     84        'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG', 'new_admin_email' ), 
    8785        'discussion' => array( 'default_pingback_flag', 'default_ping_status', 'default_comment_status', 'comments_notify', 'moderation_notify', 'comment_moderation', 'require_name_email', 'comment_whitelist', 'comment_max_links', 'moderation_keys', 'blacklist_keys', 'show_avatars', 'avatar_rating', 'avatar_default', 'close_comments_for_old_posts', 'close_comments_days_old', 'thread_comments', 'thread_comments_depth', 'page_comments', 'comments_per_page', 'default_comments_page', 'comment_order', 'comment_registration' ), 
    8886        'media' => array( 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'large_size_w', 'large_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type' ), 
    8987        'reading' => array( 'posts_per_page', 'posts_per_rss', 'rss_use_excerpt', 'show_on_front', 'page_on_front', 'page_for_posts', 'blog_public' ), 
    if ( !is_multisite() ) { 
    107105        if ( !defined( 'WP_HOME' ) ) 
    108106                $whitelist_options['general'][] = 'home'; 
    109107 
    110         $whitelist_options['general'][] = 'admin_email'; 
    111108        $whitelist_options['general'][] = 'users_can_register'; 
    112109        $whitelist_options['general'][] = 'default_role'; 
    113110 
    if ( !is_multisite() ) { 
    122119                $whitelist_options['media'][] = 'upload_url_path'; 
    123120        } 
    124121} else { 
    125         $whitelist_options['general'][] = 'new_admin_email'; 
    126  
    127122        /** 
    128123         * Filters whether the post-by-email functionality is enabled. 
    129124         *