

Timestamp:
07/27/2017 02:23:26 AM (7 years ago)
Author:
johnbillion
Message:

Options, Meta APIs: Send a notification to the old admin email address when the site admin email or network admin email address is changed.

This reduces the chances of a site compromise going unnoticed, in the same way that the same notifications for user account email address changes reduce the chances of a user account compromise going unnoticed.

Props MatheusGimenez, johnbillion

Fixes #39117

File:
1 edited

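--- a/trunk/src/wp-includes/ms-functions.php
+++ b/trunk/src/wp-includes/ms-functions.php
@@ -2558,2 +2558,87 @@
     return apply_filters( 'subdirectory_reserved_names', $names );
 }
+
+/**
+ * Send an email to the old network admin email address when the network admin email address changes.
+ *
+ * @since 4.9.0
+ *
+ * @param string $option_name The relevant database option name.
+ * @param string $new_email   The new network admin email address.
+ * @param string $old_email   The old network admin email address.
+ * @param int    $network_id  ID of the network.
+ */
+function wp_network_admin_email_change_notification( $option_name, $new_email, $old_email, $network_id ) {
+    /**
+     * Filters whether to send the network admin email change notification email.
+     *
+     * @since 4.9.0
+     *
+     * @param bool   $send       Whether to send the email notification.
+     * @param string $old_email  The old network admin email address.
+     * @param string $new_email  The new network admin email address.
+     * @param int    $network_id ID of the network.
+     */
+    $send = apply_filters( 'send_network_admin_email_change_email', true, $old_email, $new_email, $network_id );
+
+    if ( ! $send ) {
+        return;
+    }
+
+    /* translators: Do not translate OLD_EMAIL, NEW_EMAIL, SITENAME, SITEURL: those are placeholders. */
+    $email_change_text = __( 'Hi,
+
+This notice confirms that the network admin email address was changed on ###SITENAME###.
+
+The new network admin email address is ###NEW_EMAIL###.
+
+This email has been sent to ###OLD_EMAIL###
+
+Regards,
+All at ###SITENAME###
+###SITEURL###' );
+
+    $email_change_email = array(
+        'to'      => $old_email,
+        /* translators: Network admin email change notification email subject. %s: Network title */
+        'subject' => __( '[%s] Notice of Network Admin Email Change' ),
+        'message' => $email_change_text,
+        'headers' => '',
+    );
+    // get network name
+    $network_name = wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES );
+
+    /**
+     * Filters the contents of the email notification sent when the network admin email address is changed.
+     *
+     * @since 4.9.0
+     *
+     * @param array $email_change_email {
+     *            Used to build wp_mail().
+     *
+     *            @type string $to      The intended recipient.
+     *            @type string $subject The subject of the email.
+     *            @type string $message The content of the email.
+     *                The following strings have a special meaning and will get replaced dynamically:
+     *                - ###OLD_EMAIL### The old network admin email address.
+     *                - ###NEW_EMAIL### The new network admin email address.
+     *                - ###SITENAME###  The name of the network.
+     *                - ###SITEURL###   The URL to the site.
+     *            @type string $headers Headers.
+     *        }
+     * @param string $old_email  The old network admin email address.
+     * @param string $new_email  The new network admin email address.
+     * @param int    $network_id ID of the network.
+     */
+    $email_change_email = apply_filters( 'network_admin_email_change_email', $email_change_email, $old_email, $new_email, $network_id );
+
+    $email_change_email['message'] = str_replace( '###OLD_EMAIL###', $old_email,    $email_change_email['message'] );
+    $email_change_email['message'] = str_replace( '###NEW_EMAIL###', $new_email,    $email_change_email['message'] );
+    $email_change_email['message'] = str_replace( '###SITENAME###',  $network_name, $email_change_email['message'] );
+    $email_change_email['message'] = str_replace( '###SITEURL###',   home_url(),    $email_change_email['message'] );
+
+    wp_mail( $email_change_email['to'], sprintf(
+        $email_change_email['subject'],
+        $network_name
+    ), $email_change_email['message'], $email_change_email['headers'] );
+}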
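Review bot: `$network_id` is handed to both filters but never used for the lookups in `wp_network_admin_email_change_notification()`, so the network name and URL in the message come from whichever network and site are handling the request (`get_site_option( 'site_name' )` and `home_url()`). If the option is ever updated for a network other than the current one, the old admin would be told the change happened on the wrong network, which blunts the alert this function exists to deliver. Reading the name with `$network_name = wp_specialchars_decode( get_network_option( $network_id, 'site_name' ), ENT_QUOTES );` would tie it to the affected network, and the `###SITEURL###` value would ideally be derived from that network as well. Separately, the return value of `wp_mail()` is discarded, so a failed delivery of this security notice is silent; a short comment saying the send is deliberately best-effort, or handling of a `false` return, would make the intent explicit.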