WordPress.org

Make WordPress Core


Ignore:
Timestamp:
07/27/17 02:23:26 (6 months ago)
Author:
johnbillion
Message:

Options, Meta APIs: Send a notification to the old admin email address when the site admin email or network admin email address is changed.

This reduces the chances of a site compromise going unnoticed, in the same way that the same notifications for user account email address changes reduces the chances of a user account compromise going unnoticed.

Props MatheusGimenez, johnbillion

Fixes #39117

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/ms-functions.php

    r41058 r41164  
    25582558    return apply_filters( 'subdirectory_reserved_names', $names ); 
    25592559} 
     2560 
     2561/** 
     2562 * Send an email to the old network admin email address when the network admin email address changes. 
     2563 * 
     2564 * @since 4.9.0 
     2565 * 
     2566 * @param string $option_name The relevant database option name. 
     2567 * @param string $new_email   The new network admin email address. 
     2568 * @param string $old_email   The old network admin email address. 
     2569 * @param int    $network_id  ID of the network. 
     2570 */ 
     2571function wp_network_admin_email_change_notification( $option_name, $new_email, $old_email, $network_id ) { 
     2572    /** 
     2573     * Filters whether to send the network admin email change notification email. 
     2574     * 
     2575     * @since 4.9.0 
     2576     * 
     2577     * @param bool   $send       Whether to send the email notification. 
     2578     * @param string $old_email  The old network admin email address. 
     2579     * @param string $new_email  The new network admin email address. 
     2580     * @param int    $network_id ID of the network. 
     2581     */ 
     2582    $send = apply_filters( 'send_network_admin_email_change_email', true, $old_email, $new_email, $network_id ); 
     2583 
     2584    if ( ! $send ) { 
     2585        return; 
     2586    } 
     2587 
     2588    /* translators: Do not translate OLD_EMAIL, NEW_EMAIL, SITENAME, SITEURL: those are placeholders. */ 
     2589    $email_change_text = __( 'Hi, 
     2590 
     2591This notice confirms that the network admin email address was changed on ###SITENAME###. 
     2592 
     2593The new network admin email address is ###NEW_EMAIL###. 
     2594 
     2595This email has been sent to ###OLD_EMAIL### 
     2596 
     2597Regards, 
     2598All at ###SITENAME### 
     2599###SITEURL###' ); 
     2600 
     2601    $email_change_email = array( 
     2602        'to'      => $old_email, 
     2603        /* translators: Network admin email change notification email subject. %s: Network title */ 
     2604        'subject' => __( '[%s] Notice of Network Admin Email Change' ), 
     2605        'message' => $email_change_text, 
     2606        'headers' => '', 
     2607    ); 
     2608    // get network name 
     2609    $network_name = wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ); 
     2610 
     2611    /** 
     2612     * Filters the contents of the email notification sent when the network admin email address is changed. 
     2613     * 
     2614     * @since 4.9.0 
     2615     * 
     2616     * @param array $email_change_email { 
     2617     *            Used to build wp_mail(). 
     2618     * 
     2619     *            @type string $to      The intended recipient. 
     2620     *            @type string $subject The subject of the email. 
     2621     *            @type string $message The content of the email. 
     2622     *                The following strings have a special meaning and will get replaced dynamically: 
     2623     *                - ###OLD_EMAIL### The old network admin email address. 
     2624     *                - ###NEW_EMAIL### The new network admin email address. 
     2625     *                - ###SITENAME###  The name of the network. 
     2626     *                - ###SITEURL###   The URL to the site. 
     2627     *            @type string $headers Headers. 
     2628     *        } 
     2629     * @param string $old_email  The old network admin email address. 
     2630     * @param string $new_email  The new network admin email address. 
     2631     * @param int    $network_id ID of the network. 
     2632     */ 
     2633    $email_change_email = apply_filters( 'network_admin_email_change_email', $email_change_email, $old_email, $new_email, $network_id ); 
     2634 
     2635    $email_change_email['message'] = str_replace( '###OLD_EMAIL###', $old_email,    $email_change_email['message'] ); 
     2636    $email_change_email['message'] = str_replace( '###NEW_EMAIL###', $new_email,    $email_change_email['message'] ); 
     2637    $email_change_email['message'] = str_replace( '###SITENAME###',  $network_name, $email_change_email['message'] ); 
     2638    $email_change_email['message'] = str_replace( '###SITEURL###',   home_url(),    $email_change_email['message'] ); 
     2639 
     2640    wp_mail( $email_change_email['to'], sprintf( 
     2641        $email_change_email['subject'], 
     2642        $network_name 
     2643    ), $email_change_email['message'], $email_change_email['headers'] ); 
     2644} 
Note: See TracChangeset for help on using the changeset viewer.