Timestamp:
07/27/2017 02:23:26 AM (10 months ago)
Author:
johnbillion
Message:

Options, Meta APIs: Send a notification to the old admin email address when the site admin email or network admin email address is changed.

This reduces the chances of a site compromise going unnoticed, in the same way that the same notifications for user account email address changes reduce the chances of a user account compromise going unnoticed.

Props MatheusGimenez, johnbillion

Fixes #39117

File:
1 edited

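--- a/trunk/src/wp-includes/functions.php
+++ b/trunk/src/wp-includes/functions.php
@@ -5650,2 +5650,84 @@
     return $last_changed;
 }
+
+/**
+ * Send an email to the old site admin email address when the site admin email address changes.
+ *
+ * @since 4.9.0
+ *
+ * @param string $old_email   The old site admin email address.
+ * @param string $new_email   The new site admin email address.
+ * @param string $option_name The relevant database option name.
+ */
+function wp_site_admin_email_change_notification( $old_email, $new_email, $option_name ) {
+    /**
+     * Filters whether to send the site admin email change notification email.
+     *
+     * @since 4.9.0
+     *
+     * @param bool   $send      Whether to send the email notification.
+     * @param string $old_email The old site admin email address.
+     * @param string $new_email The new site admin email address.
+     */
+    $send = apply_filters( 'send_site_admin_email_change_email', true, $old_email, $new_email );
+
+    if ( ! $send ) {
+        return;
+    }
+
+    /* translators: Do not translate OLD_EMAIL, NEW_EMAIL, SITENAME, SITEURL: those are placeholders. */
+    $email_change_text = __( 'Hi,
+
+This notice confirms that the admin email address was changed on ###SITENAME###.
+
+The new admin email address is ###NEW_EMAIL###.
+
+This email has been sent to ###OLD_EMAIL###
+
+Regards,
+All at ###SITENAME###
+###SITEURL###' );
+
+    $email_change_email = array(
+        'to'      => $old_email,
+        /* translators: Site admin email change notification email subject. %s: Site title */
+        'subject' => __( '[%s] Notice of Admin Email Change' ),
+        'message' => $email_change_text,
+        'headers' => '',
+    );
+    // get site name
+    $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
+
+    /**
+     * Filters the contents of the email notification sent when the site admin email address is changed.
+     *
+     * @since 4.9.0
+     *
+     * @param array $email_change_email {
+     *            Used to build wp_mail().
+     *
+     *            @type string $to      The intended recipient.
+     *            @type string $subject The subject of the email.
+     *            @type string $message The content of the email.
+     *                The following strings have a special meaning and will get replaced dynamically:
+     *                - ###OLD_EMAIL### The old site admin email address.
+     *                - ###NEW_EMAIL### The new site admin email address.
+     *                - ###SITENAME###  The name of the site.
+     *                - ###SITEURL###   The URL to the site.
+     *            @type string $headers Headers.
+     *        }
+     * @param string $old_email The old site admin email address.
+     * @param string $new_email The new site admin email address.
+     */
+    $email_change_email = apply_filters( 'site_admin_email_change_email', $email_change_email, $old_email, $new_email );
+
+    $email_change_email['message'] = str_replace( '###OLD_EMAIL###', $old_email, $email_change_email['message'] );
+    $email_change_email['message'] = str_replace( '###NEW_EMAIL###', $new_email, $email_change_email['message'] );
+    $email_change_email['message'] = str_replace( '###SITENAME###',  $site_name, $email_change_email['message'] );
+    $email_change_email['message'] = str_replace( '###SITEURL###',   home_url(), $email_change_email['message'] );
+
+    wp_mail( $email_change_email['to'], sprintf(
+        $email_change_email['subject'],
+        $blog_name
+    ), $email_change_email['message'], $email_change_email['headers'] );
+}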
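Review bot: The `sprintf()` call that builds the subject in the final `wp_mail()` statement passes `$blog_name`, which is never assigned in `wp_site_admin_email_change_notification()`; the decoded site title is held in `$site_name`. As written the subject would render as `[] Notice of Admin Email Change` and PHP would raise an undefined-variable notice, so the recipient of this security notice cannot tell from the subject which site it concerns. The argument should be `$site_name`. Separately, `$option_name` is documented but not used anywhere in the visible body, so the docblock should either say why it is accepted or the value should be passed to the two filters.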