Make WordPress Core

Changeset 38876


Ignore:
Timestamp:
10/23/2016 02:01:53 PM (8 years ago)
Author:
ocean90
Message:

Users: Use self_admin_url() for the email change confirmation link.

Prevents sending users to wp-admin/profile.php if they only have access to wp-admin/user/profile.php.

Props dave.pullig.
Fixes #38451.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/ms.php

    r38821 r38876  
    389389
    390390        $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
    391         $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail='.$hash ) ), $content );
     391        $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
    392392        $content = str_replace( '###EMAIL###', $_POST['email'], $content);
    393393        $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
Note: See TracChangeset for help on using the changeset viewer.