WordPress.org

Make WordPress Core


Ignore:
Timestamp:
07/27/17 02:23:26 (6 months ago)
Author:
johnbillion
Message:

Options, Meta APIs: Send a notification to the old admin email address when the site admin email or network admin email address is changed.

This reduces the chances of a site compromise going unnoticed, in the same way that the same notifications for user account email address changes reduces the chances of a user account compromise going unnoticed.

Props MatheusGimenez, johnbillion

Fixes #39117

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/functions.php

    r41113 r41164  
    56505650    return $last_changed; 
    56515651} 
     5652 
     5653/** 
     5654 * Send an email to the old site admin email address when the site admin email address changes. 
     5655 * 
     5656 * @since 4.9.0 
     5657 * 
     5658 * @param string $old_email   The old site admin email address. 
     5659 * @param string $new_email   The new site admin email address. 
     5660 * @param string $option_name The relevant database option name. 
     5661 */ 
     5662function wp_site_admin_email_change_notification( $old_email, $new_email, $option_name ) { 
     5663    /** 
     5664     * Filters whether to send the site admin email change notification email. 
     5665     * 
     5666     * @since 4.9.0 
     5667     * 
     5668     * @param bool   $send      Whether to send the email notification. 
     5669     * @param string $old_email The old site admin email address. 
     5670     * @param string $new_email The new site admin email address. 
     5671     */ 
     5672    $send = apply_filters( 'send_site_admin_email_change_email', true, $old_email, $new_email ); 
     5673 
     5674    if ( ! $send ) { 
     5675        return; 
     5676    } 
     5677 
     5678    /* translators: Do not translate OLD_EMAIL, NEW_EMAIL, SITENAME, SITEURL: those are placeholders. */ 
     5679    $email_change_text = __( 'Hi, 
     5680 
     5681This notice confirms that the admin email address was changed on ###SITENAME###. 
     5682 
     5683The new admin email address is ###NEW_EMAIL###. 
     5684 
     5685This email has been sent to ###OLD_EMAIL### 
     5686 
     5687Regards, 
     5688All at ###SITENAME### 
     5689###SITEURL###' ); 
     5690 
     5691    $email_change_email = array( 
     5692        'to'      => $old_email, 
     5693        /* translators: Site admin email change notification email subject. %s: Site title */ 
     5694        'subject' => __( '[%s] Notice of Admin Email Change' ), 
     5695        'message' => $email_change_text, 
     5696        'headers' => '', 
     5697    ); 
     5698    // get site name 
     5699    $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); 
     5700 
     5701    /** 
     5702     * Filters the contents of the email notification sent when the site admin email address is changed. 
     5703     * 
     5704     * @since 4.9.0 
     5705     * 
     5706     * @param array $email_change_email { 
     5707     *            Used to build wp_mail(). 
     5708     * 
     5709     *            @type string $to      The intended recipient. 
     5710     *            @type string $subject The subject of the email. 
     5711     *            @type string $message The content of the email. 
     5712     *                The following strings have a special meaning and will get replaced dynamically: 
     5713     *                - ###OLD_EMAIL### The old site admin email address. 
     5714     *                - ###NEW_EMAIL### The new site admin email address. 
     5715     *                - ###SITENAME###  The name of the site. 
     5716     *                - ###SITEURL###   The URL to the site. 
     5717     *            @type string $headers Headers. 
     5718     *        } 
     5719     * @param string $old_email The old site admin email address. 
     5720     * @param string $new_email The new site admin email address. 
     5721     */ 
     5722    $email_change_email = apply_filters( 'site_admin_email_change_email', $email_change_email, $old_email, $new_email ); 
     5723 
     5724    $email_change_email['message'] = str_replace( '###OLD_EMAIL###', $old_email, $email_change_email['message'] ); 
     5725    $email_change_email['message'] = str_replace( '###NEW_EMAIL###', $new_email, $email_change_email['message'] ); 
     5726    $email_change_email['message'] = str_replace( '###SITENAME###',  $site_name, $email_change_email['message'] ); 
     5727    $email_change_email['message'] = str_replace( '###SITEURL###',   home_url(), $email_change_email['message'] ); 
     5728 
     5729    wp_mail( $email_change_email['to'], sprintf( 
     5730        $email_change_email['subject'], 
     5731        $blog_name 
     5732    ), $email_change_email['message'], $email_change_email['headers'] ); 
     5733} 
Note: See TracChangeset for help on using the changeset viewer.