Timestamp:
05/11/17 19:14:55 (7 weeks ago)
Author:
swissspidy
Message:

Mail: Ensure entities are decoded in email change notifications on Multisite.

Adds new tests to ensure this bug does not pop up again.

Props stephenharris.
Fixes #40015.

File:
1 edited

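--- a/trunk/src/wp-admin/includes/ms.php
+++ b/trunk/src/wp-admin/includes/ms.php
@@ -326,8 +326,8 @@
     $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash='.$hash ) ), $content );
     $content = str_replace( '###EMAIL###', $value, $content );
-    $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
+    $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );
     $content = str_replace( '###SITEURL###', network_home_url(), $content );
 
-    wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
+    wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
 
     if ( $switched_locale ) {
@@ -411,8 +411,8 @@
         $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
         $content = str_replace( '###EMAIL###', $_POST['email'], $content);
-        $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
+        $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );
         $content = str_replace( '###SITEURL###', network_home_url(), $content );
 
-        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ) ), $content );
+        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
         $_POST['email'] = $current_user->user_email;
 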
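Review bot: The four changed calls decode `site_name` and `blogname` with `ENT_QUOTES` but carry no comment recording that this is only safe because the message is sent as plain text; in both hunks the decoded value goes straight into `$content` and the subject. If a `wp_mail_content_type` filter ever switches these notifications to HTML, a site name containing `<` or `&` would be interpreted as markup, so I would add a line such as `// Plain-text email: entities are decoded on purpose; re-escape if this mail is ever sent as HTML.` above each `###SITENAME###` replacement. In the second hunk `$_POST['email']` is also substituted into the body and used as the recipient as-is; its validation presumably happens earlier in the function, which starts outside the hunk, and is worth confirming.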