WordPress.org

Make WordPress Core

Ticket #39118: 39118.diff

File 39118.diff, 10.9 KB (added by MatheusGimenez, 16 months ago)

Added verify email on change site admin email in single site installations

  • src/wp-admin/includes/admin-filters.php

     
    5555add_action( 'update_option_siteurl',       'update_home_siteurl', 10, 2 );
    5656add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 );
    5757
     58add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );
     59
    5860add_filter( 'heartbeat_received', 'wp_check_locked_posts',  10,  3 );
    5961add_filter( 'heartbeat_received', 'wp_refresh_post_lock',   10,  3 );
    6062add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10,  3 );
  • src/wp-admin/includes/misc.php

     
    936936        </script>
    937937        <?php
    938938}
     939
     940/**
     941 * Sends an email when a site administrator email address is changed.
     942 *
     943 * @since 3.0.0
     944 *
     945 * @param string $old_value The old email address. Not currently used.
     946 * @param string $value     The new email address.
     947 */
     948function update_option_new_admin_email( $old_value, $value ) {
     949        if ( $value == get_option( 'admin_email' ) || !is_email( $value ) )
     950                return;
     951
     952        $hash = md5( $value. time() .mt_rand() );
     953        $new_admin_email = array(
     954                'hash' => $hash,
     955                'newemail' => $value
     956        );
     957        update_option( 'adminhash', $new_admin_email );
     958
     959        $switched_locale = switch_to_locale( get_user_locale() );
     960
     961        /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
     962        $email_text = __( 'Howdy ###USERNAME###,
     963
     964You recently requested to have the administration email address on
     965your site changed.
     966
     967If this is correct, please click on the following link to change it:
     968###ADMIN_URL###
     969
     970You can safely ignore and delete this email if you do not want to
     971take this action.
     972
     973This email has been sent to ###EMAIL###
     974
     975Regards,
     976All at ###SITENAME###
     977###SITEURL###' );
     978
     979        /**
     980         * Filters the email text sent when the site admin email is changed.
     981         *
     982         * The following strings have a special meaning and will get replaced dynamically:
     983         * ###USERNAME###  The current user's username.
     984         * ###ADMIN_URL### The link to click on to confirm the email change.
     985         * ###EMAIL###     The new email.
     986         * ###SITENAME###  The name of the site.
     987         * ###SITEURL###   The URL to the site.
     988         *
     989         * @since 3.0.0
     990         *
     991         * @param string $email_text      Text in the email.
     992         * @param string $new_admin_email New admin email that the current administration email was changed to.
     993         */
     994        $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email );
     995
     996        $current_user = wp_get_current_user();
     997        $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
     998        $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash='.$hash ) ), $content );
     999        $content = str_replace( '###EMAIL###', $value, $content );
     1000        // get single site name
     1001        $site_name = get_option( 'blogname' );
     1002        if ( is_multisite() ) {
     1003                $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
     1004                $content = str_replace( '###SITEURL###', network_home_url(), $content );
     1005        } else {
     1006                $content = str_replace( '###SITENAME###', $site_name, $content );
     1007                $content = str_replace( '###SITEURL###', home_url(), $content );
     1008        }
     1009
     1010        wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
     1011
     1012        if ( $switched_locale ) {
     1013                restore_previous_locale();
     1014        }
     1015}
  • src/wp-admin/includes/ms-admin-filters.php

     
    2020
    2121add_action( 'personal_options_update', 'send_confirmation_on_profile_email' );
    2222
    23 add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );
    24 
    2523// Site Hooks.
    2624add_action( 'wpmueditblogaction', 'upload_space_setting' );
    2725
  • src/wp-admin/includes/ms.php

     
    256256}
    257257
    258258/**
    259  * Sends an email when a site administrator email address is changed.
    260  *
    261  * @since 3.0.0
    262  *
    263  * @param string $old_value The old email address. Not currently used.
    264  * @param string $value     The new email address.
    265  */
    266 function update_option_new_admin_email( $old_value, $value ) {
    267         if ( $value == get_option( 'admin_email' ) || !is_email( $value ) )
    268                 return;
    269 
    270         $hash = md5( $value. time() .mt_rand() );
    271         $new_admin_email = array(
    272                 'hash' => $hash,
    273                 'newemail' => $value
    274         );
    275         update_option( 'adminhash', $new_admin_email );
    276 
    277         $switched_locale = switch_to_locale( get_user_locale() );
    278 
    279         /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
    280         $email_text = __( 'Howdy ###USERNAME###,
    281 
    282 You recently requested to have the administration email address on
    283 your site changed.
    284 
    285 If this is correct, please click on the following link to change it:
    286 ###ADMIN_URL###
    287 
    288 You can safely ignore and delete this email if you do not want to
    289 take this action.
    290 
    291 This email has been sent to ###EMAIL###
    292 
    293 Regards,
    294 All at ###SITENAME###
    295 ###SITEURL###' );
    296 
    297         /**
    298          * Filters the email text sent when the site admin email is changed.
    299          *
    300          * The following strings have a special meaning and will get replaced dynamically:
    301          * ###USERNAME###  The current user's username.
    302          * ###ADMIN_URL### The link to click on to confirm the email change.
    303          * ###EMAIL###     The new email.
    304          * ###SITENAME###  The name of the site.
    305          * ###SITEURL###   The URL to the site.
    306          *
    307          * @since MU
    308          *
    309          * @param string $email_text      Text in the email.
    310          * @param string $new_admin_email New admin email that the current administration email was changed to.
    311          */
    312         $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email );
    313 
    314         $current_user = wp_get_current_user();
    315         $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
    316         $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash='.$hash ) ), $content );
    317         $content = str_replace( '###EMAIL###', $value, $content );
    318         $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
    319         $content = str_replace( '###SITEURL###', network_home_url(), $content );
    320 
    321         wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
    322 
    323         if ( $switched_locale ) {
    324                 restore_previous_locale();
    325         }
    326 }
    327 
    328 /**
    329259 * Sends an email when an email address change is requested.
    330260 *
    331261 * @since 3.0.0
  • src/wp-admin/options-general.php

     
    7878<?php endif; ?>
    7979</tr>
    8080<tr>
    81 <th scope="row"><label for="admin_email"><?php _e('Email Address') ?> </label></th>
    82 <td><input name="admin_email" type="email" id="admin_email" aria-describedby="admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" />
    83 <p class="description" id="admin-email-description"><?php _e( 'This address is used for admin purposes, like new user notification.' ) ?></p></td>
     81<th scope="row"><label for="new_admin_email"><?php _e('Email Address') ?></label></th>
     82<td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" />
     83<p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ) ?></p>
     84<?php
     85$new_admin_email = get_option( 'new_admin_email' );
     86if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?>
     87<div class="updated inline">
     88<p><?php
     89        printf(
     90                /* translators: %s: new admin email */
     91                __( 'There is a pending change of the admin email to %s.' ),
     92                '<code>' . esc_html( $new_admin_email ) . '</code>'
     93        );
     94        printf(
     95                ' <a href="%1$s">%2$s</a>',
     96                esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-new_admin_email' ) ),
     97                __( 'Cancel' )
     98        );
     99?></p>
     100</div>
     101<?php endif; ?>
     102</td>
    84103</tr>
    85104<tr>
    86105<th scope="row"><?php _e('Membership') ?></th>
     
    112131        );
    113132        printf(
    114133                ' <a href="%1$s">%2$s</a>',
    115                 esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . '-new_admin_email' ) ),
     134                esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-new_admin_email' ) ),
    116135                __( 'Cancel' )
    117136        );
    118137?></p>
  • src/wp-admin/options.php

     
    5353}
    5454
    5555// Handle admin email change requests
    56 if ( is_multisite() ) {
    57         if ( ! empty($_GET[ 'adminhash' ] ) ) {
    58                 $new_admin_details = get_option( 'adminhash' );
    59                 $redirect = 'options-general.php?updated=false';
    60                 if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && !empty($new_admin_details[ 'newemail' ]) ) {
    61                         update_option( 'admin_email', $new_admin_details[ 'newemail' ] );
    62                         delete_option( 'adminhash' );
    63                         delete_option( 'new_admin_email' );
    64                         $redirect = 'options-general.php?updated=true';
    65                 }
    66                 wp_redirect( admin_url( $redirect ) );
    67                 exit;
    68         } elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) {
    69                 check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' );
     56if ( ! empty($_GET[ 'adminhash' ] ) ) {
     57        $new_admin_details = get_option( 'adminhash' );
     58        $redirect = 'options-general.php?updated=false';
     59        if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && !empty($new_admin_details[ 'newemail' ]) ) {
     60                update_option( 'admin_email', $new_admin_details[ 'newemail' ] );
    7061                delete_option( 'adminhash' );
    7162                delete_option( 'new_admin_email' );
    72                 wp_redirect( admin_url( 'options-general.php?updated=true' ) );
    73                 exit;
     63                $redirect = 'options-general.php?updated=true';
    7464        }
     65        wp_redirect( admin_url( $redirect ) );
     66        exit;
     67} elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) {
     68        check_admin_referer( 'dismiss-new_admin_email' );
     69        delete_option( 'adminhash' );
     70        delete_option( 'new_admin_email' );
     71        wp_redirect( admin_url( 'options-general.php?updated=true' ) );
     72        exit;
    7573}
    7674
    7775if ( is_multisite() && ! is_super_admin() && 'update' != $action ) {