Ticket #39118: 39118.2.diff
File 39118.2.diff, 17.0 KB (added by , 7 years ago) |
---|
-
src/wp-admin/includes/admin-filters.php
diff --git src/wp-admin/includes/admin-filters.php src/wp-admin/includes/admin-filters.php index 240474949c..7f94480d02 100644
add_action( 'update_option_siteurl', 'update_home_siteurl', 10, 2 ); 56 56 add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 ); 57 57 add_action( 'update_option_admin_email', 'wp_site_admin_email_change_notification', 10, 3 ); 58 58 59 add_action( 'add_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); 60 add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); 61 59 62 add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 ); 60 63 add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 ); 61 64 add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10, 3 ); -
src/wp-admin/includes/misc.php
diff --git src/wp-admin/includes/misc.php src/wp-admin/includes/misc.php index 679b9ac5d6..d5ba04dfe3 100644
function wp_page_reload_on_back_button_js() { 936 936 </script> 937 937 <?php 938 938 } 939 940 /** 941 * Send a confirmation request email when a change of site admin email address is attempted. 942 * 943 * The new site admin address will not become active until confirmed. 944 * 945 * @since 3.0.0 946 * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific. 947 * 948 * @param string $old_value The old site admin email address. 949 * @param string $value The proposed new site admin email address. 950 */ 951 function update_option_new_admin_email( $old_value, $value ) { 952 if ( $value == get_option( 'admin_email' ) || !is_email( $value ) ) { 953 return; 954 } 955 956 $hash = md5( $value . time() . mt_rand() ); 957 $new_admin_email = array( 958 'hash' => $hash, 959 'newemail' => $value, 960 ); 961 update_option( 'adminhash', $new_admin_email ); 962 963 $switched_locale = switch_to_locale( get_user_locale() ); 964 965 /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ 966 $email_text = __( 'Howdy ###USERNAME###, 967 968 You recently requested to have the administration email address on 969 your site changed. 970 971 If this is correct, please click on the following link to change it: 972 ###ADMIN_URL### 973 974 You can safely ignore and delete this email if you do not want to 975 take this action. 976 977 This email has been sent to ###EMAIL### 978 979 Regards, 980 All at ###SITENAME### 981 ###SITEURL###' ); 982 983 /** 984 * Filters the text of the email sent when a change of site admin email address is attempted. 985 * 986 * The following strings have a special meaning and will get replaced dynamically: 987 * ###USERNAME### The current user's username. 988 * ###ADMIN_URL### The link to click on to confirm the email change. 989 * ###EMAIL### The proposed new site admin email address. 990 * ###SITENAME### The name of the site. 
991 * ###SITEURL### The URL to the site. 992 * 993 * @since MU (3.0.0) 994 * @since 4.9.0 This filter is no longer Multisite specific. 995 * 996 * @param string $email_text Text in the email. 997 * @param array $new_admin_email { 998 * Data relating to the new site admin email address. 999 * 1000 * @type string $hash The secure hash used in the confirmation link URL. 1001 * @type string $newemail The proposed new site admin email address. 1002 * } 1003 */ 1004 $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email ); 1005 1006 $current_user = wp_get_current_user(); 1007 $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); 1008 $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash='.$hash ) ), $content ); 1009 $content = str_replace( '###EMAIL###', $value, $content ); 1010 $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content ); 1011 $content = str_replace( '###SITEURL###', network_home_url(), $content ); 1012 1013 wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content ); 1014 1015 if ( $switched_locale ) { 1016 restore_previous_locale(); 1017 } 1018 } -
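Review bot: The confirmation token in `update_option_new_admin_email()` is built as `md5( $value . time() . mt_rand() )`, so every input is either known to the requester or drawn from a non-cryptographic generator, and this patch now carries that code to single-site installs as well. Because the token is the only secret behind the `options.php?adminhash=` link, I would take it from the core helper that uses `random_int()` where available, e.g. `$hash = wp_generate_password( 32, false );`. The stored `adminhash` array holds only `hash` and `newemail`, so a pending link never expires; a `'created' => time()` entry would let the handler reject stale confirmations. Separately, `get_site_option( 'site_name' )` and `network_home_url()` are network-level values, so the `###SITENAME###` placeholder may come out empty on a single site — worth confirming.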
src/wp-admin/includes/ms-admin-filters.php
diff --git src/wp-admin/includes/ms-admin-filters.php src/wp-admin/includes/ms-admin-filters.php index 20dc77e7c2..c96b3f42e6 100644
add_action( 'user_admin_notices', 'new_user_email_admin_notice' ); 15 15 16 16 add_action( 'admin_page_access_denied', '_access_denied_splash', 99 ); 17 17 18 add_action( 'add_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );19 20 add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );21 22 18 // Site Hooks. 23 19 add_action( 'wpmueditblogaction', 'upload_space_setting' ); 24 20 -
src/wp-admin/includes/ms.php
diff --git src/wp-admin/includes/ms.php src/wp-admin/includes/ms.php index 83bcd1bbc3..b50f1ebf64 100644
function wpmu_delete_user( $id ) { 266 266 } 267 267 268 268 /** 269 * Send a confirmation request email when a change of site admin email address is attempted.270 *271 * The new site admin address will not become active until confirmed.272 *273 * @since 3.0.0274 *275 * @param string $old_value The old site admin email address.276 * @param string $value The proposed new site admin email address.277 */278 function update_option_new_admin_email( $old_value, $value ) {279 if ( $value == get_option( 'admin_email' ) || !is_email( $value ) )280 return;281 282 $hash = md5( $value. time() .mt_rand() );283 $new_admin_email = array(284 'hash' => $hash,285 'newemail' => $value286 );287 update_option( 'adminhash', $new_admin_email );288 289 $switched_locale = switch_to_locale( get_user_locale() );290 291 /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */292 $email_text = __( 'Howdy ###USERNAME###,293 294 You recently requested to have the administration email address on295 your site changed.296 297 If this is correct, please click on the following link to change it:298 ###ADMIN_URL###299 300 You can safely ignore and delete this email if you do not want to301 take this action.302 303 This email has been sent to ###EMAIL###304 305 Regards,306 All at ###SITENAME###307 ###SITEURL###' );308 309 /**310 * Filters the text of the email sent when a change of site admin email address is attempted.311 *312 * The following strings have a special meaning and will get replaced dynamically:313 * ###USERNAME### The current user's username.314 * ###ADMIN_URL### The link to click on to confirm the email change.315 * ###EMAIL### The proposed new site admin email address.316 * ###SITENAME### The name of the site.317 * ###SITEURL### The URL to the site.318 *319 * @since MU (3.0.0)320 *321 * @param string $email_text Text in the email.322 * @param array $new_admin_email {323 * Data relating to the new site admin email address.324 *325 * @type 
string $hash The secure hash used in the confirmation link URL.326 * @type string $newemail The proposed new site admin email address.327 * }328 */329 $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email );330 331 $current_user = wp_get_current_user();332 $content = str_replace( '###USERNAME###', $current_user->user_login, $content );333 $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash='.$hash ) ), $content );334 $content = str_replace( '###EMAIL###', $value, $content );335 $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );336 $content = str_replace( '###SITEURL###', network_home_url(), $content );337 338 wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );339 340 if ( $switched_locale ) {341 restore_previous_locale();342 }343 }344 345 /**346 269 * Check whether a site has used its allotted upload space. 347 270 * 348 271 * @since MU (3.0.0) -
src/wp-admin/options-general.php
diff --git src/wp-admin/options-general.php src/wp-admin/options-general.php index 834f02733a..0fcdde3518 100644
include( ABSPATH . 'wp-admin/admin-header.php' ); 56 56 <?php settings_fields('general'); ?> 57 57 58 58 <table class="form-table"> 59 59 60 <tr> 60 61 <th scope="row"><label for="blogname"><?php _e('Site Title') ?></label></th> 61 62 <td><input name="blogname" type="text" id="blogname" value="<?php form_option('blogname'); ?>" class="regular-text" /></td> 62 63 </tr> 64 63 65 <tr> 64 66 <th scope="row"><label for="blogdescription"><?php _e('Tagline') ?></label></th> 65 67 <td><input name="blogdescription" type="text" id="blogdescription" aria-describedby="tagline-description" value="<?php form_option('blogdescription'); ?>" class="regular-text" /> 66 68 <p class="description" id="tagline-description"><?php _e( 'In a few words, explain what this site is about.' ) ?></p></td> 67 69 </tr> 70 68 71 <?php if ( !is_multisite() ) { ?> 72 69 73 <tr> 70 74 <th scope="row"><label for="siteurl"><?php _e('WordPress Address (URL)') ?></label></th> 71 75 <td><input name="siteurl" type="url" id="siteurl" value="<?php form_option( 'siteurl' ); ?>"<?php disabled( defined( 'WP_SITEURL' ) ); ?> class="regular-text code<?php if ( defined( 'WP_SITEURL' ) ) echo ' disabled' ?>" /></td> 72 76 </tr> 77 73 78 <tr> 74 79 <th scope="row"><label for="home"><?php _e('Site Address (URL)') ?></label></th> 75 80 <td><input name="home" type="url" id="home" aria-describedby="home-description" value="<?php form_option( 'home' ); ?>"<?php disabled( defined( 'WP_HOME' ) ); ?> class="regular-text code<?php if ( defined( 'WP_HOME' ) ) echo ' disabled' ?>" /> … … include( ABSPATH . 
'wp-admin/admin-header.php' ); 77 82 <p class="description" id="home-description"><?php _e( 'Enter the address here if you <a href="https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory">want your site home page to be different from your WordPress installation directory.</a>' ); ?></p></td> 78 83 <?php endif; ?> 79 84 </tr> 85 86 <?php } ?> 87 80 88 <tr> 81 <th scope="row"><label for="admin_email"><?php _e('Email Address') ?> </label></th> 82 <td><input name="admin_email" type="email" id="admin_email" aria-describedby="admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" /> 83 <p class="description" id="admin-email-description"><?php _e( 'This address is used for admin purposes, like new user notification.' ) ?></p></td> 89 <th scope="row"><label for="new_admin_email"><?php _e( 'Email Address' ); ?></label></th> 90 <td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" /> 91 <p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ); ?></p> 92 <?php 93 $new_admin_email = get_option( 'new_admin_email' ); 94 if ( $new_admin_email && $new_admin_email != get_option( 'admin_email' ) ) : ?> 95 <div class="updated inline"> 96 <p><?php 97 printf( 98 /* translators: %s: new admin email */ 99 __( 'There is a pending change of the admin email to %s.' ), 100 '<code>' . esc_html( $new_admin_email ) . '</code>' 101 ); 102 printf( 103 ' <a href="%1$s">%2$s</a>', 104 esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . 
'-new_admin_email' ) ), 105 __( 'Cancel' ) 106 ); 107 ?></p> 108 </div> 109 <?php endif; ?> 110 </td> 84 111 </tr> 112 113 <?php if ( ! is_multisite() ) { ?> 114 85 115 <tr> 86 116 <th scope="row"><?php _e('Membership') ?></th> 87 117 <td> <fieldset><legend class="screen-reader-text"><span><?php _e('Membership') ?></span></legend><label for="users_can_register"> … … include( ABSPATH . 'wp-admin/admin-header.php' ); 89 119 <?php _e('Anyone can register') ?></label> 90 120 </fieldset></td> 91 121 </tr> 122 92 123 <tr> 93 124 <th scope="row"><label for="default_role"><?php _e('New User Default Role') ?></label></th> 94 125 <td> 95 126 <select name="default_role" id="default_role"><?php wp_dropdown_roles( get_option('default_role') ); ?></select> 96 127 </td> 97 128 </tr> 98 <?php } else { ?> 99 <tr> 100 <th scope="row"><label for="new_admin_email"><?php _e('Email Address') ?> </label></th> 101 <td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" /> 102 <p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ) ?></p> 103 <?php 104 $new_admin_email = get_option( 'new_admin_email' ); 105 if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?> 106 <div class="updated inline"> 107 <p><?php 108 printf( 109 /* translators: %s: new admin email */ 110 __( 'There is a pending change of the admin email to %s.' ), 111 '<code>' . esc_html( $new_admin_email ) . '</code>' 112 ); 113 printf( 114 ' <a href="%1$s">%2$s</a>', 115 esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . 
'-new_admin_email' ) ), 116 __( 'Cancel' ) 117 ); 118 ?></p> 119 </div> 120 <?php endif; ?> 121 </td> 122 </tr> 129 123 130 <?php } 124 131 125 132 $languages = get_available_languages(); -
src/wp-admin/options.php
diff --git src/wp-admin/options.php src/wp-admin/options.php index d2e1c0374f..e11ffee9d5 100644
if ( ! current_user_can( $capability ) ) { 53 53 } 54 54 55 55 // Handle admin email change requests 56 if ( is_multisite() ) { 57 if ( ! empty($_GET[ 'adminhash' ] ) ) { 58 $new_admin_details = get_option( 'adminhash' ); 59 $redirect = 'options-general.php?updated=false'; 60 if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && !empty($new_admin_details[ 'newemail' ]) ) { 61 update_option( 'admin_email', $new_admin_details[ 'newemail' ] ); 62 delete_option( 'adminhash' ); 63 delete_option( 'new_admin_email' ); 64 $redirect = 'options-general.php?updated=true'; 65 } 66 wp_redirect( admin_url( $redirect ) ); 67 exit; 68 } elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) { 69 check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' ); 56 if ( ! empty( $_GET[ 'adminhash' ] ) ) { 57 $new_admin_details = get_option( 'adminhash' ); 58 $redirect = 'options-general.php?updated=false'; 59 if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && ! empty( $new_admin_details[ 'newemail' ] ) ) { 60 update_option( 'admin_email', $new_admin_details[ 'newemail' ] ); 70 61 delete_option( 'adminhash' ); 71 62 delete_option( 'new_admin_email' ); 72 wp_redirect( admin_url( 'options-general.php?updated=true' ) ); 73 exit; 63 $redirect = 'options-general.php?updated=true'; 74 64 } 65 wp_redirect( admin_url( $redirect ) ); 66 exit; 67 } elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) { 68 check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' ); 69 delete_option( 'adminhash' ); 70 delete_option( 'new_admin_email' ); 71 wp_redirect( admin_url( 'options-general.php?updated=true' ) ); 72 exit; 75 73 } 76 74 77 75 if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update' != $action ) { … … if ( is_multisite() && ! 
current_user_can( 'manage_network_options' ) && 'update 83 81 } 84 82 85 83 $whitelist_options = array( 86 'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG' ),84 'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG', 'new_admin_email' ), 87 85 'discussion' => array( 'default_pingback_flag', 'default_ping_status', 'default_comment_status', 'comments_notify', 'moderation_notify', 'comment_moderation', 'require_name_email', 'comment_whitelist', 'comment_max_links', 'moderation_keys', 'blacklist_keys', 'show_avatars', 'avatar_rating', 'avatar_default', 'close_comments_for_old_posts', 'close_comments_days_old', 'thread_comments', 'thread_comments_depth', 'page_comments', 'comments_per_page', 'default_comments_page', 'comment_order', 'comment_registration' ), 88 86 'media' => array( 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'large_size_w', 'large_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type' ), 89 87 'reading' => array( 'posts_per_page', 'posts_per_rss', 'rss_use_excerpt', 'show_on_front', 'page_on_front', 'page_for_posts', 'blog_public' ), … … if ( !is_multisite() ) { 107 105 if ( !defined( 'WP_HOME' ) ) 108 106 $whitelist_options['general'][] = 'home'; 109 107 110 $whitelist_options['general'][] = 'admin_email';111 108 $whitelist_options['general'][] = 'users_can_register'; 112 109 $whitelist_options['general'][] = 'default_role'; 113 110 … … if ( !is_multisite() ) { 122 119 $whitelist_options['media'][] = 'upload_url_path'; 123 120 } 124 121 } else { 125 $whitelist_options['general'][] = 'new_admin_email';126 127 122 /** 128 123 * Filters whether the post-by-email functionality is enabled. 129 124 *
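Review bot: `$_GET['adminhash']` is passed straight to `hash_equals()` in the confirmation branch, but PHP parses bracketed query parameters into arrays, and a non-string argument there raises a warning on PHP 7 and a TypeError on PHP 8. `$new_admin_details['hash']` is likewise read before anything confirms the key exists. With the `is_multisite()` wrapper removed this branch runs on every install, so I would put `is_string( $_GET['adminhash'] ) && isset( $new_admin_details['hash'], $new_admin_details['newemail'] )` ahead of the `hash_equals()` call. The branch appears to sit below the `current_user_can( $capability )` check that begins outside this hunk, so this is hardening of an authenticated path rather than an open one.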