WordPress.org

Make WordPress Core

Changeset 41163


Ignore:
Timestamp:
07/27/2017 02:09:51 AM (10 months ago)
Author:
johnbillion
Message:

Users: Require a confirmation link in an email to be clicked when a user attempts to change their email address.

This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their account.

Props rodrigosprimo, tharsheblows, johnbillion

Fixes #16470

Location:
trunk
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/admin-filters.php

    r38172 r41163  
    100100
    101101add_action( 'admin_notices', 'default_password_nag' );
     102add_action( 'admin_notices', 'new_user_email_admin_notice' );
    102103
    103104add_action( 'profile_update', 'default_password_nag_edit_user', 10, 2 );
     105
     106add_action( 'personal_options_update', 'send_confirmation_on_profile_email' );
    104107
    105108// Update hooks.
  • trunk/src/wp-admin/includes/ms-admin-filters.php

    r36504 r41163  
    1212
    1313// User Hooks
    14 add_action( 'admin_notices', 'new_user_email_admin_notice' );
    1514add_action( 'user_admin_notices', 'new_user_email_admin_notice' );
    1615
     
    1817
    1918add_action( 'add_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );
    20 
    21 add_action( 'personal_options_update', 'send_confirmation_on_profile_email' );
    2219
    2320add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );
  • trunk/src/wp-admin/includes/ms.php

    r41065 r41163  
    333333    if ( $switched_locale ) {
    334334        restore_previous_locale();
    335     }
    336 }
    337 
    338 /**
    339  * Sends an email when an email address change is requested.
    340  *
    341  * @since 3.0.0
    342  *
    343  * @global WP_Error $errors WP_Error object.
    344  * @global wpdb     $wpdb   WordPress database object.
    345  */
    346 function send_confirmation_on_profile_email() {
    347     global $errors, $wpdb;
    348     $current_user = wp_get_current_user();
    349     if ( ! is_object($errors) )
    350         $errors = new WP_Error();
    351 
    352     if ( $current_user->ID != $_POST['user_id'] )
    353         return false;
    354 
    355     if ( $current_user->user_email != $_POST['email'] ) {
    356         if ( !is_email( $_POST['email'] ) ) {
    357             $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address isn&#8217;t correct." ), array( 'form-field' => 'email' ) );
    358             return;
    359         }
    360 
    361         if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) {
    362             $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address is already used." ), array( 'form-field' => 'email' ) );
    363             delete_user_meta( $current_user->ID, '_new_email' );
    364             return;
    365         }
    366 
    367         $hash = md5( $_POST['email'] . time() . mt_rand() );
    368         $new_user_email = array(
    369             'hash' => $hash,
    370             'newemail' => $_POST['email']
    371         );
    372         update_user_meta( $current_user->ID, '_new_email', $new_user_email );
    373 
    374         $switched_locale = switch_to_locale( get_user_locale() );
    375 
    376         /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
    377         $email_text = __( 'Howdy ###USERNAME###,
    378 
    379 You recently requested to have the email address on your account changed.
    380 
    381 If this is correct, please click on the following link to change it:
    382 ###ADMIN_URL###
    383 
    384 You can safely ignore and delete this email if you do not want to
    385 take this action.
    386 
    387 This email has been sent to ###EMAIL###
    388 
    389 Regards,
    390 All at ###SITENAME###
    391 ###SITEURL###' );
    392 
    393         /**
    394          * Filters the email text sent when a user changes emails.
    395          *
    396          * The following strings have a special meaning and will get replaced dynamically:
    397          * ###USERNAME###  The current user's username.
    398          * ###ADMIN_URL### The link to click on to confirm the email change.
    399          * ###EMAIL###     The new email.
    400          * ###SITENAME###  The name of the site.
    401          * ###SITEURL###   The URL to the site.
    402          *
    403          * @since MU
    404          *
    405          * @param string $email_text     Text in the email.
    406          * @param string $new_user_email New user email that the current user has changed to.
    407          */
    408         $content = apply_filters( 'new_user_email_content', $email_text, $new_user_email );
    409 
    410         $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
    411         $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
    412         $content = str_replace( '###EMAIL###', $_POST['email'], $content);
    413         $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );
    414         $content = str_replace( '###SITEURL###', network_home_url(), $content );
    415 
    416         wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
    417         $_POST['email'] = $current_user->user_email;
    418 
    419         if ( $switched_locale ) {
    420             restore_previous_locale();
    421         }
    422     }
    423 }
    424 
    425 /**
    426  * Adds an admin notice alerting the user to check for confirmation email
    427  * after email address change.
    428  *
    429  * @since 3.0.0
    430  *
    431  * @global string $pagenow
    432  */
    433 function new_user_email_admin_notice() {
    434     global $pagenow;
    435     if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) {
    436         /* translators: %s: New email address */
    437         echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>';
    438335    }
    439336}
  • trunk/src/wp-admin/user-edit.php

    r39907 r41163  
    8989
    9090// Execute confirmed email change. See send_confirmation_on_profile_email().
    91 if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
     91if ( IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
    9292    $new_email = get_user_meta( $current_user->ID, '_new_email', true );
    9393    if ( $new_email && hash_equals( $new_email[ 'hash' ], $_GET[ 'newuseremail' ] ) ) {
     
    9595        $user->ID = $current_user->ID;
    9696        $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
    97         if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
     97        if ( is_multisite() && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
    9898            $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
    9999        }
     
    105105        wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) );
    106106    }
    107 } elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
     107} elseif ( IS_PROFILE_PAGE && ! empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
    108108    check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' );
    109109    delete_user_meta( $current_user->ID, '_new_email' );
  • trunk/src/wp-includes/user.php

    r41158 r41163  
    25912591    return $current_user;
    25922592}
     2593
     2594/**
     2595 * Sends an email when an email address change is requested.
     2596 *
     2597 * @since 3.0.0
     2598 * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific.
     2599 *
     2600 * @global WP_Error $errors WP_Error object.
     2601 * @global wpdb     $wpdb   WordPress database object.
     2602 */
     2603function send_confirmation_on_profile_email() {
     2604    global $errors, $wpdb;
     2605
     2606    $current_user = wp_get_current_user();
     2607    if ( ! is_object( $errors ) ) {
     2608        $errors = new WP_Error();
     2609    }
     2610
     2611    if ( $current_user->ID != $_POST['user_id'] ) {
     2612        return false;
     2613    }
     2614
     2615    if ( $current_user->user_email != $_POST['email'] ) {
     2616        if ( ! is_email( $_POST['email'] ) ) {
     2617            $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address isn&#8217;t correct." ), array(
     2618                'form-field' => 'email',
     2619            ) );
     2620
     2621            return;
     2622        }
     2623
     2624        if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) {
     2625            $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address is already used." ), array(
     2626                'form-field' => 'email',
     2627            ) );
     2628            delete_user_meta( $current_user->ID, '_new_email' );
     2629
     2630            return;
     2631        }
     2632
     2633        $hash           = md5( $_POST['email'] . time() . mt_rand() );
     2634        $new_user_email = array(
     2635            'hash'     => $hash,
     2636            'newemail' => $_POST['email'],
     2637        );
     2638        update_user_meta( $current_user->ID, '_new_email', $new_user_email );
     2639
     2640        /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
     2641        $email_text = __( 'Howdy ###USERNAME###,
     2642
     2643You recently requested to have the email address on your account changed.
     2644
     2645If this is correct, please click on the following link to change it:
     2646###ADMIN_URL###
     2647
     2648You can safely ignore and delete this email if you do not want to
     2649take this action.
     2650
     2651This email has been sent to ###EMAIL###
     2652
     2653Regards,
     2654All at ###SITENAME###
     2655###SITEURL###' );
     2656
     2657        /**
     2658         * Filters the email text sent when a user changes emails.
     2659         *
     2660         * The following strings have a special meaning and will get replaced dynamically:
     2661         * ###USERNAME###  The current user's username.
     2662         * ###ADMIN_URL### The link to click on to confirm the email change.
     2663         * ###EMAIL###     The new email.
     2664         * ###SITENAME###  The name of the site.
     2665         * ###SITEURL###   The URL to the site.
     2666         *
     2667         * @since MU
     2668         * @since 4.9.0 This filter is no longer Multisite specific.
     2669         *
     2670         * @param string $email_text     Text in the email.
     2671         * @param string $new_user_email New user email that the current user has changed to.
     2672         */
     2673        $content = apply_filters( 'new_user_email_content', $email_text, $new_user_email );
     2674
     2675        $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
     2676        $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
     2677        $content = str_replace( '###EMAIL###', $_POST['email'], $content );
     2678        $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
     2679        $content = str_replace( '###SITEURL###', network_home_url(), $content );
     2680
     2681        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
     2682
     2683        $_POST['email'] = $current_user->user_email;
     2684    }
     2685}
     2686
     2687/**
     2688 * Adds an admin notice alerting the user to check for confirmation email
     2689 * after email address change.
     2690 *
     2691 * @since 3.0.0
     2692 * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific.
     2693 *
     2694 * @global string $pagenow
     2695 */
     2696function new_user_email_admin_notice() {
     2697    global $pagenow;
     2698    if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) {
     2699        /* translators: %s: New email address */
     2700        echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>';
     2701    }
     2702}
  • trunk/tests/phpunit/tests/user.php

    r40564 r41163  
    12051205        $pass1 = '';
    12061206    }
     1207
     1208    /**
     1209     * @ticket 16470
     1210     */
     1211    function test_send_confirmation_on_profile_email() {
     1212        reset_phpmailer_instance();
     1213        $was_confirmation_email_sent = false;
     1214
     1215        $user = $this->factory()->user->create_and_get( array(
     1216            'user_email' => 'before@example.com',
     1217        ) );
     1218
     1219        $_POST['email']   = 'after@example.com';
     1220        $_POST['user_id'] = $user->ID;
     1221
     1222        wp_set_current_user( $user->ID );
     1223
     1224        do_action( 'personal_options_update' );
     1225
     1226        if ( ! empty( $GLOBALS['phpmailer']->mock_sent ) ) {
     1227            $was_confirmation_email_sent = ( isset( $GLOBALS['phpmailer']->mock_sent[0] ) && 'after@example.com' == $GLOBALS['phpmailer']->mock_sent[0]['to'][0][0] );
     1228        }
     1229
     1230        // A confirmation email is sent.
     1231        $this->assertTrue( $was_confirmation_email_sent );
     1232
     1233        // The new email address gets put into user_meta.
     1234        $new_email_meta = get_user_meta( $user->ID, '_new_email', true );
     1235        $this->assertEquals( 'after@example.com', $new_email_meta['newemail'] );
     1236
     1237        // The email address of the user doesn't change. $_POST['email'] should be the email address pre-update.
     1238        $this->assertEquals( $_POST['email'], $user->user_email );
     1239    }
     1240
     1241    /**
     1242     * @ticket 16470
     1243     */
     1244    function test_remove_send_confirmation_on_profile_email() {
     1245        remove_action( 'personal_options_update', 'send_confirmation_on_profile_email' );
     1246
     1247        reset_phpmailer_instance();
     1248        $was_confirmation_email_sent = false;
     1249
     1250        $user = $this->factory()->user->create_and_get( array(
     1251            'user_email' => 'before@example.com',
     1252        ) );
     1253
     1254        $_POST['email']   = 'after@example.com';
     1255        $_POST['user_id'] = $user->ID;
     1256
     1257        wp_set_current_user( $user->ID );
     1258
     1259        do_action( 'personal_options_update' );
     1260
     1261        if ( ! empty( $GLOBALS['phpmailer']->mock_sent ) ) {
     1262            $was_confirmation_email_sent = ( isset( $GLOBALS['phpmailer']->mock_sent[0] ) && 'after@example.com' == $GLOBALS['phpmailer']->mock_sent[0]['to'][0][0] );
     1263        }
     1264
     1265        // No confirmation email is sent.
     1266        $this->assertFalse( $was_confirmation_email_sent );
     1267
     1268        // No usermeta is created.
     1269        $new_email_meta = get_user_meta( $user->ID, '_new_email', true );
     1270        $this->assertEmpty( $new_email_meta );
     1271
     1272        // $_POST['email'] should be the email address posted from the form.
     1273        $this->assertEquals( $_POST['email'], 'after@example.com' );
     1274    }
    12071275}
Note: See TracChangeset for help on using the changeset viewer.