Timestamp:
05/11/2017 07:14:55 PM (8 years ago)
Author:
swissspidy
Message:

Mail: Ensure entities are decoded in email change notifications on Multisite.

Adds new tests to ensure this bug does not pop up again.

Props stephenharris.
Fixes #40015.

File:
1 edited

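--- a/trunk/src/wp-admin/includes/ms.php
+++ b/trunk/src/wp-admin/includes/ms.php
@@ -326,8 +326,8 @@
     $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash='.$hash ) ), $content );
     $content = str_replace( '###EMAIL###', $value, $content );
-    $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
+    $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );
     $content = str_replace( '###SITEURL###', network_home_url(), $content );
 
-    wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
+    wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
 
     if ( $switched_locale ) {
@@ -411,8 +411,8 @@
         $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
         $content = str_replace( '###EMAIL###', $_POST['email'], $content);
-        $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
+        $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );
         $content = str_replace( '###SITEURL###', network_home_url(), $content );
 
-        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
+        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
         $_POST['email'] = $current_user->user_email;
 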
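Review bot: The entity-decoded site name substituted for `###SITENAME###` at new lines 328 and 413 is only appropriate because the message body is plain text, and nothing at either call site records that assumption. wp_mail()'s content type can be changed through the `wp_mail_content_type` filter, so on a site that sends mail as HTML the decoded option value would reach the body unescaped; whether that applies to these two notifications is not visible in the hunks. I would add a comment above each replacement, e.g. `// Decoded for the plain-text email body; escape again before any HTML output.`, so the expression is not copied into an HTML context later. Both enclosing functions start and end outside the lines shown.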