

Timestamp:
08/14/2017 08:12:23 PM (7 years ago)
Author:
johnbillion
Message:

Options, Meta APIs: Require a confirmation link in an email to be clicked when an admin attempts to change the site admin email address.

This brings this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their site.

Props MatheusGimenez, johnbillion

Fixes #39118

File:
1 edited

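--- a/trunk/src/wp-admin/includes/misc.php
+++ b/trunk/src/wp-admin/includes/misc.php
@@ -937,2 +937,82 @@
 <?php
 }
+
+/**
+ * Send a confirmation request email when a change of site admin email address is attempted.
+ *
+ * The new site admin address will not become active until confirmed.
+ *
+ * @since 3.0.0
+ * @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific.
+ *
+ * @param string $old_value The old site admin email address.
+ * @param string $value     The proposed new site admin email address.
+ */
+function update_option_new_admin_email( $old_value, $value ) {
+    if ( $value == get_option( 'admin_email' ) || ! is_email( $value ) ) {
+        return;
+    }
+
+    $hash = md5( $value . time() . mt_rand() );
+    $new_admin_email = array(
+        'hash'     => $hash,
+        'newemail' => $value,
+    );
+    update_option( 'adminhash', $new_admin_email );
+
+    $switched_locale = switch_to_locale( get_user_locale() );
+
+    /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
+    $email_text = __( 'Howdy ###USERNAME###,
+
+You recently requested to have the administration email address on
+your site changed.
+
+If this is correct, please click on the following link to change it:
+###ADMIN_URL###
+
+You can safely ignore and delete this email if you do not want to
+take this action.
+
+This email has been sent to ###EMAIL###
+
+Regards,
+All at ###SITENAME###
+###SITEURL###' );
+
+    /**
+     * Filters the text of the email sent when a change of site admin email address is attempted.
+     *
+     * The following strings have a special meaning and will get replaced dynamically:
+     * ###USERNAME###  The current user's username.
+     * ###ADMIN_URL### The link to click on to confirm the email change.
+     * ###EMAIL###     The proposed new site admin email address.
+     * ###SITENAME###  The name of the site.
+     * ###SITEURL###   The URL to the site.
+     *
+     * @since MU (3.0.0)
+     * @since 4.9.0 This filter is no longer Multisite specific.
+     *
+     * @param string $email_text      Text in the email.
+     * @param array  $new_admin_email {
+     *     Data relating to the new site admin email address.
+     *
+     *     @type string $hash     The secure hash used in the confirmation link URL.
+     *     @type string $newemail The proposed new site admin email address.
+     * }
+     */
+    $content = apply_filters( 'new_admin_email_content', $email_text, $new_admin_email );
+
+    $current_user = wp_get_current_user();
+    $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
+    $content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'options.php?adminhash=' . $hash ) ), $content );
+    $content = str_replace( '###EMAIL###', $value, $content );
+    $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), $content );
+    $content = str_replace( '###SITEURL###', home_url(), $content );
+
+    wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
+
+    if ( $switched_locale ) {
+        restore_previous_locale();
+    }
+}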
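Review bot: The confirmation token at `$hash = md5( $value . time() . mt_rand() );` is derived from the current time and `mt_rand()`, neither of which is a cryptographically secure source, even though the filter docblock further down describes it as "the secure hash used in the confirmation link URL"; since this value is what the emailed link relies on to prove the recipient controls the proposed mailbox, generate it from a CSPRNG instead, e.g. `$hash = wp_generate_password( 20, false );` (or `bin2hex( random_bytes( 16 ) )`), so it cannot be narrowed down from knowledge of the request time and the proposed address. The stored `adminhash` option also carries no creation time, so an unconfirmed change stays pending indefinitely; a timestamp key written alongside `'hash'` and `'newemail'` would let the consumer reject stale links, though that consumer in options.php is outside this hunk and would need a matching change. Minor: `$value == get_option( 'admin_email' )` is a loose comparison between two strings; `!==`/`===` is the safer default and avoids PHP's numeric-string coercion rules.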