Timestamp:
08/14/17 20:12:23 (5 months ago)
Author:
johnbillion
Message:

Options, Meta APIs: Require a confirmation link in an email to be clicked when an admin attempts to change the site admin email address.

This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their site.

Props MatheusGimenez, johnbillion

Fixes #39118

File:
1 edited

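--- a/trunk/src/wp-admin/options-general.php
+++ b/trunk/src/wp-admin/options-general.php
@@ -57,8 +57,10 @@
 
 <table class="form-table">
+
 <tr>
 <th scope="row"><label for="blogname"><?php _e('Site Title') ?></label></th>
 <td><input name="blogname" type="text" id="blogname" value="<?php form_option('blogname'); ?>" class="regular-text" /></td>
 </tr>
+
 <tr>
 <th scope="row"><label for="blogdescription"><?php _e('Tagline') ?></label></th>
@@ -66,9 +68,12 @@
 <p class="description" id="tagline-description"><?php _e( 'In a few words, explain what this site is about.' ) ?></p></td>
 </tr>
+
 <?php if ( !is_multisite() ) { ?>
+
 <tr>
 <th scope="row"><label for="siteurl"><?php _e('WordPress Address (URL)') ?></label></th>
 <td><input name="siteurl" type="url" id="siteurl" value="<?php form_option( 'siteurl' ); ?>"<?php disabled( defined( 'WP_SITEURL' ) ); ?> class="regular-text code<?php if ( defined( 'WP_SITEURL' ) ) echo ' disabled' ?>" /></td>
 </tr>
+
 <tr>
 <th scope="row"><label for="home"><?php _e('Site Address (URL)') ?></label></th>
@@ -78,9 +83,34 @@
 <?php endif; ?>
 </tr>
-<tr>
-<th scope="row"><label for="admin_email"><?php _e('Email Address') ?> </label></th>
-<td><input name="admin_email" type="email" id="admin_email" aria-describedby="admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" />
-<p class="description" id="admin-email-description"><?php _e( 'This address is used for admin purposes, like new user notification.' ) ?></p></td>
-</tr>
+
+<?php } ?>
+
+<tr>
+<th scope="row"><label for="new_admin_email"><?php _e( 'Email Address' ); ?></label></th>
+<td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" />
+<p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ); ?></p>
+<?php
+$new_admin_email = get_option( 'new_admin_email' );
+if ( $new_admin_email && $new_admin_email != get_option( 'admin_email' ) ) : ?>
+    <div class="updated inline">
+    <p><?php
+        printf(
+            /* translators: %s: new admin email */
+            __( 'There is a pending change of the admin email to %s.' ),
+            '<code>' . esc_html( $new_admin_email ) . '</code>'
+        );
+        printf(
+            ' <a href="%1$s">%2$s</a>',
+            esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . '-new_admin_email' ) ),
+            __( 'Cancel' )
+        );
+    ?></p>
+    </div>
+<?php endif; ?>
+</td>
+</tr>
+
+<?php if ( ! is_multisite() ) { ?>
+
 <tr>
 <th scope="row"><?php _e('Membership') ?></th>
@@ -90,4 +120,5 @@
 </fieldset></td>
 </tr>
+
 <tr>
 <th scope="row"><label for="default_role"><?php _e('New User Default Role') ?></label></th>
@@ -96,29 +127,5 @@
 </td>
 </tr>
-<?php } else { ?>
-<tr>
-<th scope="row"><label for="new_admin_email"><?php _e('Email Address') ?> </label></th>
-<td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" />
-<p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ) ?></p>
-<?php
-$new_admin_email = get_option( 'new_admin_email' );
-if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?>
-<div class="updated inline">
-<p><?php
-    printf(
-        /* translators: %s: new admin email */
-        __( 'There is a pending change of the admin email to %s.' ),
-        '<code>' . esc_html( $new_admin_email ) . '</code>'
-    );
-    printf(
-        ' <a href="%1$s">%2$s</a>',
-        esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . '-new_admin_email' ) ),
-        __( 'Cancel' )
-    );
-?></p>
-</div>
-<?php endif; ?>
-</td>
-</tr>
+
 <?php }
 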
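Review bot: In the added `new_admin_email` row (new lines 88-111), the link text `__( 'Cancel' )` is passed to the second `printf()` unescaped, while the address beside it goes through `esc_html()`. Using `esc_html__( 'Cancel' )` keeps every value in that notice escaped at output, so a faulty or tampered translation file cannot put markup into an admin screen. The guard on new line 94 compares with `!=`; `$new_admin_email !== get_option( 'admin_email' )` avoids PHP's loose string comparison. The Cancel link is a state-changing GET request, and its handler in options.php is outside this file section, so it is worth confirming there that the `'dismiss-' . get_current_blog_id() . '-new_admin_email'` nonce and the user's capability are both checked before the pending address is discarded.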