Ticket #39118: 39118.diff

File 39118.diff, 10.9 KB (added by MatheusGimenez, 12 months ago)

Added email verification when changing the site admin email in single-site installations

  • src/wp-admin/includes/admin-filters.php

     
    5555add_action( 'update_option_siteurl',       'update_home_siteurl', 10, 2 ); 
    5656add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 ); 
    5757 
     58add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); 
     59 
    5860add_filter( 'heartbeat_received', 'wp_check_locked_posts',  10,  3 ); 
    5961add_filter( 'heartbeat_received', 'wp_refresh_post_lock',   10,  3 ); 
    6062add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10,  3 ); 
  • src/wp-admin/includes/misc.php

     
    936936        </script> 
    937937        <?php 
    938938} 
     939 
     940/** 
     941 * Sends an email when a site administrator email address is changed. 
     942 * 
     943 * @since 3.0.0 
     944 * 
     945 * @param string $old_value The old email address. Not currently used. 
     946 * @param string $value     The new email address. 
     947 */ 
     948function update_option_new_admin_email( $old_value, $value ) { 
     949        if ( $value == get_option( 'admin_email' ) || !is_email( $value ) ) 
     950                return; 
     951 
     952        $hash = md5( $value. time() .mt_rand() ); 
     953        $new_admin_email = array( 
     954                'hash' => $hash, 
     955                'newemail' => $value 
     956        ); 
     957        update_option( 'adminhash', $new_admin_email ); 
     958 
     959        $switched_locale = switch_to_locale( get_user_locale() ); 
     960 
     961        /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ 
     962        $email_text = __( 'Howdy ###USERNAME###, 
     963 
     964You recently requested to have the administration email address on 
     965your site changed. 
     966 
     967If this is correct, please click on the following link to change it: 
     968###ADMIN_URL### 
     969 
     970You can safely ignore and delete this email if you do not want to 
     971take this action. 
     972 
     973This email has been sent to ###EMAIL### 
     974 
     975Regards, 
     976All at ###SITENAME### 
     977###SITEURL###' ); 
     978 
     979        /** 
     980         * Filters the email text sent when the site admin email is changed. 
     981         * 
     982         * The following strings have a special meaning and will get replaced dynamically: 
     983         * ###USERNAME###  The current user's username. 
     984         * ###ADMIN_URL### The link to click on to confirm the email change. 
     985         * ###EMAIL###     The new email. 
     986         * ###SITENAME###  The name of the site. 
     987         * ###SITEURL###   The URL to the site. 
     988         * 
     989         * @since 3.0.0 
     990         * 
     991         * @param string $email_text      Text in the email. 
     992         * @param string $new_admin_email New admin email that the current administration email was changed to. 
     993         */ 
     994        $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email ); 
     995 
     996        $current_user = wp_get_current_user(); 
     997        $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); 
     998        $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash='.$hash ) ), $content ); 
     999        $content = str_replace( '###EMAIL###', $value, $content ); 
     1000        // get single site name 
     1001        $site_name = get_option( 'blogname' ); 
     1002        if ( is_multisite() ) { 
     1003                $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content ); 
     1004                $content = str_replace( '###SITEURL###', network_home_url(), $content ); 
     1005        } else { 
     1006                $content = str_replace( '###SITENAME###', $site_name, $content ); 
     1007                $content = str_replace( '###SITEURL###', home_url(), $content ); 
     1008        } 
     1009 
     1010        wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content ); 
     1011 
     1012        if ( $switched_locale ) { 
     1013                restore_previous_locale(); 
     1014        } 
     1015} 
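Review bot: The confirmation token built on new line 952, `md5( $value . time() . mt_rand() )`, is the only thing that authorizes the later change of `admin_email`, yet every input is guessable: time() has one-second granularity and mt_rand() is not a cryptographic generator, so the link mailed out is not an unguessable secret. WordPress already ships a CSPRNG-backed helper; use `$hash = wp_generate_password( 20, false );` (hash_equals() on the receiving side in options.php still works unchanged). The `adminhash` option is stored with no timestamp, so an unused link stays valid until another request overwrites it; recording `'time' => time()` alongside the hash and rejecting stale entries when the link is followed would bound that window. Separately, only the new address receives mail, so the current admin_email holder is never told a change was requested; that is a design choice, but worth a `// NOTE:` at the wp_mail() call so it is not mistaken for an oversight.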
  • src/wp-admin/includes/ms-admin-filters.php

     
    2020 
    2121add_action( 'personal_options_update', 'send_confirmation_on_profile_email' ); 
    2222 
    23 add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); 
    24  
    2523// Site Hooks. 
    2624add_action( 'wpmueditblogaction', 'upload_space_setting' ); 
    2725 
  • src/wp-admin/includes/ms.php

     
    256256} 
    257257 
    258258/** 
    259  * Sends an email when a site administrator email address is changed. 
    260  * 
    261  * @since 3.0.0 
    262  * 
    263  * @param string $old_value The old email address. Not currently used. 
    264  * @param string $value     The new email address. 
    265  */ 
    266 function update_option_new_admin_email( $old_value, $value ) { 
    267         if ( $value == get_option( 'admin_email' ) || !is_email( $value ) ) 
    268                 return; 
    269  
    270         $hash = md5( $value. time() .mt_rand() ); 
    271         $new_admin_email = array( 
    272                 'hash' => $hash, 
    273                 'newemail' => $value 
    274         ); 
    275         update_option( 'adminhash', $new_admin_email ); 
    276  
    277         $switched_locale = switch_to_locale( get_user_locale() ); 
    278  
    279         /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ 
    280         $email_text = __( 'Howdy ###USERNAME###, 
    281  
    282 You recently requested to have the administration email address on 
    283 your site changed. 
    284  
    285 If this is correct, please click on the following link to change it: 
    286 ###ADMIN_URL### 
    287  
    288 You can safely ignore and delete this email if you do not want to 
    289 take this action. 
    290  
    291 This email has been sent to ###EMAIL### 
    292  
    293 Regards, 
    294 All at ###SITENAME### 
    295 ###SITEURL###' ); 
    296  
    297         /** 
    298          * Filters the email text sent when the site admin email is changed. 
    299          * 
    300          * The following strings have a special meaning and will get replaced dynamically: 
    301          * ###USERNAME###  The current user's username. 
    302          * ###ADMIN_URL### The link to click on to confirm the email change. 
    303          * ###EMAIL###     The new email. 
    304          * ###SITENAME###  The name of the site. 
    305          * ###SITEURL###   The URL to the site. 
    306          * 
    307          * @since MU 
    308          * 
    309          * @param string $email_text      Text in the email. 
    310          * @param string $new_admin_email New admin email that the current administration email was changed to. 
    311          */ 
    312         $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email ); 
    313  
    314         $current_user = wp_get_current_user(); 
    315         $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); 
    316         $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash='.$hash ) ), $content ); 
    317         $content = str_replace( '###EMAIL###', $value, $content ); 
    318         $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content ); 
    319         $content = str_replace( '###SITEURL###', network_home_url(), $content ); 
    320  
    321         wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content ); 
    322  
    323         if ( $switched_locale ) { 
    324                 restore_previous_locale(); 
    325         } 
    326 } 
    327  
    328 /** 
    329259 * Sends an email when an email address change is requested. 
    330260 * 
    331261 * @since 3.0.0 
  • src/wp-admin/options-general.php

     
    7878<?php endif; ?> 
    7979</tr> 
    8080<tr> 
    81 <th scope="row"><label for="admin_email"><?php _e('Email Address') ?> </label></th> 
    82 <td><input name="admin_email" type="email" id="admin_email" aria-describedby="admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" /> 
    83 <p class="description" id="admin-email-description"><?php _e( 'This address is used for admin purposes, like new user notification.' ) ?></p></td> 
     81<th scope="row"><label for="new_admin_email"><?php _e('Email Address') ?></label></th> 
     82<td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" /> 
     83<p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ) ?></p> 
     84<?php 
     85$new_admin_email = get_option( 'new_admin_email' ); 
     86if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?> 
     87<div class="updated inline"> 
     88<p><?php 
     89        printf( 
     90                /* translators: %s: new admin email */ 
     91                __( 'There is a pending change of the admin email to %s.' ), 
     92                '<code>' . esc_html( $new_admin_email ) . '</code>' 
     93        ); 
     94        printf( 
     95                ' <a href="%1$s">%2$s</a>', 
     96                esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-new_admin_email' ) ), 
     97                __( 'Cancel' ) 
     98        ); 
     99?></p> 
     100</div> 
     101<?php endif; ?> 
     102</td> 
    84103</tr> 
    85104<tr> 
    86105<th scope="row"><?php _e('Membership') ?></th> 
     
    112131        ); 
    113132        printf( 
    114133                ' <a href="%1$s">%2$s</a>', 
    115                 esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . '-new_admin_email' ) ), 
     134                esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-new_admin_email' ) ), 
    116135                __( 'Cancel' ) 
    117136        ); 
    118137?></p> 
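Review bot: The nonce action on new line 134 drops `get_current_blog_id()` from the dismiss action, and options.php new line 68 verifies against the same shortened string, so on multisite a dismiss nonce minted for one site now verifies on every other site of the network for that user. The blog ID was the only thing scoping this nonce per site; keep it in both places, `'dismiss-' . get_current_blog_id() . '-new_admin_email'`, since on a single site get_current_blog_id() simply returns 1 and nothing else changes. On new line 86, `$new_admin_email != get_option('admin_email')` is a loose comparison; both sides are option strings here, but `!==` states that intent and matches the `==` cleanups this patch is otherwise overdue for. The second hunk's enclosing block begins outside the hunk, so I cannot tell which branch (presumably the multisite notice) it belongs to.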
  • src/wp-admin/options.php

     
    5353} 
    5454 
    5555// Handle admin email change requests 
    56 if ( is_multisite() ) { 
    57         if ( ! empty($_GET[ 'adminhash' ] ) ) { 
    58                 $new_admin_details = get_option( 'adminhash' ); 
    59                 $redirect = 'options-general.php?updated=false'; 
    60                 if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && !empty($new_admin_details[ 'newemail' ]) ) { 
    61                         update_option( 'admin_email', $new_admin_details[ 'newemail' ] ); 
    62                         delete_option( 'adminhash' ); 
    63                         delete_option( 'new_admin_email' ); 
    64                         $redirect = 'options-general.php?updated=true'; 
    65                 } 
    66                 wp_redirect( admin_url( $redirect ) ); 
    67                 exit; 
    68         } elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) { 
    69                 check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' ); 
     56if ( ! empty($_GET[ 'adminhash' ] ) ) { 
     57        $new_admin_details = get_option( 'adminhash' ); 
     58        $redirect = 'options-general.php?updated=false'; 
     59        if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && !empty($new_admin_details[ 'newemail' ]) ) { 
     60                update_option( 'admin_email', $new_admin_details[ 'newemail' ] ); 
    7061                delete_option( 'adminhash' ); 
    7162                delete_option( 'new_admin_email' ); 
    72                 wp_redirect( admin_url( 'options-general.php?updated=true' ) ); 
    73                 exit; 
     63                $redirect = 'options-general.php?updated=true'; 
    7464        } 
     65        wp_redirect( admin_url( $redirect ) ); 
     66        exit; 
     67} elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) { 
     68        check_admin_referer( 'dismiss-new_admin_email' ); 
     69        delete_option( 'adminhash' ); 
     70        delete_option( 'new_admin_email' ); 
     71        wp_redirect( admin_url( 'options-general.php?updated=true' ) ); 
     72        exit; 
    7573} 
    7674 
    7775if ( is_multisite() && ! is_super_admin() && 'update' != $action ) {
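Review bot: New lines 56 and 59 hand `$_GET['adminhash']` straight to hash_equals() after only an `! empty()` check, which also passes for an array (`?adminhash[]=x`); hash_equals() then emits a warning and returns false on PHP 7 and throws a TypeError on PHP 8, and `$new_admin_details['hash']` is read without isset, so a stale or hand-edited option can trigger a notice before the comparison. Tighten the guard to `if ( is_array( $new_admin_details ) && isset( $new_admin_details['hash'], $new_admin_details['newemail'] ) && is_string( $_GET['adminhash'] ) && hash_equals( $new_admin_details['hash'], $_GET['adminhash'] ) ) {` so the constant-time compare only ever sees two strings. The block relies on the capability check earlier in options.php, which is outside this hunk; presumably manage_options, but worth confirming since the branch now runs on single sites too. As noted on options-general.php, line 68's `'dismiss-new_admin_email'` should keep the blog ID.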