WordPress.org

Make WordPress Core


Ignore:
Timestamp:
07/27/17 02:09:51 (6 months ago)
Author:
johnbillion
Message:

Users: Require a confirmation link in an email to be clicked when a user attempts to change their email address.

This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their account.

Props rodrigosprimo, tharsheblows, johnbillion

Fixes #16470

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/ms.php

    r41065 r41163  
    333333    if ( $switched_locale ) { 
    334334        restore_previous_locale(); 
    335     } 
    336 } 
    337  
    338 /** 
    339  * Sends an email when an email address change is requested. 
    340  * 
    341  * @since 3.0.0 
    342  * 
    343  * @global WP_Error $errors WP_Error object. 
    344  * @global wpdb     $wpdb   WordPress database object. 
    345  */ 
    346 function send_confirmation_on_profile_email() { 
    347     global $errors, $wpdb; 
    348     $current_user = wp_get_current_user(); 
    349     if ( ! is_object($errors) ) 
    350         $errors = new WP_Error(); 
    351  
    352     if ( $current_user->ID != $_POST['user_id'] ) 
    353         return false; 
    354  
    355     if ( $current_user->user_email != $_POST['email'] ) { 
    356         if ( !is_email( $_POST['email'] ) ) { 
    357             $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address isn&#8217;t correct." ), array( 'form-field' => 'email' ) ); 
    358             return; 
    359         } 
    360  
    361         if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) { 
    362             $errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address is already used." ), array( 'form-field' => 'email' ) ); 
    363             delete_user_meta( $current_user->ID, '_new_email' ); 
    364             return; 
    365         } 
    366  
    367         $hash = md5( $_POST['email'] . time() . mt_rand() ); 
    368         $new_user_email = array( 
    369             'hash' => $hash, 
    370             'newemail' => $_POST['email'] 
    371         ); 
    372         update_user_meta( $current_user->ID, '_new_email', $new_user_email ); 
    373  
    374         $switched_locale = switch_to_locale( get_user_locale() ); 
    375  
    376         /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ 
    377         $email_text = __( 'Howdy ###USERNAME###, 
    378  
    379 You recently requested to have the email address on your account changed. 
    380  
    381 If this is correct, please click on the following link to change it: 
    382 ###ADMIN_URL### 
    383  
    384 You can safely ignore and delete this email if you do not want to 
    385 take this action. 
    386  
    387 This email has been sent to ###EMAIL### 
    388  
    389 Regards, 
    390 All at ###SITENAME### 
    391 ###SITEURL###' ); 
    392  
    393         /** 
    394          * Filters the email text sent when a user changes emails. 
    395          * 
    396          * The following strings have a special meaning and will get replaced dynamically: 
    397          * ###USERNAME###  The current user's username. 
    398          * ###ADMIN_URL### The link to click on to confirm the email change. 
    399          * ###EMAIL###     The new email. 
    400          * ###SITENAME###  The name of the site. 
    401          * ###SITEURL###   The URL to the site. 
    402          * 
    403          * @since MU 
    404          * 
    405          * @param string $email_text     Text in the email. 
    406          * @param string $new_user_email New user email that the current user has changed to. 
    407          */ 
    408         $content = apply_filters( 'new_user_email_content', $email_text, $new_user_email ); 
    409  
    410         $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); 
    411         $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'profile.php?newuseremail=' . $hash ) ), $content ); 
    412         $content = str_replace( '###EMAIL###', $_POST['email'], $content); 
    413         $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content ); 
    414         $content = str_replace( '###SITEURL###', network_home_url(), $content ); 
    415  
    416         wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content ); 
    417         $_POST['email'] = $current_user->user_email; 
    418  
    419         if ( $switched_locale ) { 
    420             restore_previous_locale(); 
    421         } 
    422     } 
    423 } 
    424  
    425 /** 
    426  * Adds an admin notice alerting the user to check for confirmation email 
    427  * after email address change. 
    428  * 
    429  * @since 3.0.0 
    430  * 
    431  * @global string $pagenow 
    432  */ 
    433 function new_user_email_admin_notice() { 
    434     global $pagenow; 
    435     if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) { 
    436         /* translators: %s: New email address */ 
    437         echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>'; 
    438335    } 
    439336} 
Note: See TracChangeset for help on using the changeset viewer.