Timestamp:
08/14/2017 08:12:23 PM (7 years ago)
Author:
johnbillion
Message:

Options, Meta APIs: Require a confirmation link in an email to be clicked when an admin attempts to change the site admin email address.

This brings the previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their site.

Props MatheusGimenez, johnbillion

Fixes #39118

File:
1 edited

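--- a/trunk/src/wp-admin/options-general.php	(r40823)
+++ b/trunk/src/wp-admin/options-general.php	(r41254)
@@ -57,8 +57,10 @@
 
 <table class="form-table">
+
 <tr>
 <th scope="row"><label for="blogname"><?php _e('Site Title') ?></label></th>
 <td><input name="blogname" type="text" id="blogname" value="<?php form_option('blogname'); ?>" class="regular-text" /></td>
 </tr>
+
 <tr>
 <th scope="row"><label for="blogdescription"><?php _e('Tagline') ?></label></th>
@@ -66,9 +68,12 @@
 <p class="description" id="tagline-description"><?php _e( 'In a few words, explain what this site is about.' ) ?></p></td>
 </tr>
+
 <?php if ( !is_multisite() ) { ?>
+
 <tr>
 <th scope="row"><label for="siteurl"><?php _e('WordPress Address (URL)') ?></label></th>
 <td><input name="siteurl" type="url" id="siteurl" value="<?php form_option( 'siteurl' ); ?>"<?php disabled( defined( 'WP_SITEURL' ) ); ?> class="regular-text code<?php if ( defined( 'WP_SITEURL' ) ) echo ' disabled' ?>" /></td>
 </tr>
+
 <tr>
 <th scope="row"><label for="home"><?php _e('Site Address (URL)') ?></label></th>
@@ -78,9 +83,34 @@
 <?php endif; ?>
 </tr>
-<tr>
-<th scope="row"><label for="admin_email"><?php _e('Email Address') ?> </label></th>
-<td><input name="admin_email" type="email" id="admin_email" aria-describedby="admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" />
-<p class="description" id="admin-email-description"><?php _e( 'This address is used for admin purposes, like new user notification.' ) ?></p></td>
-</tr>
+
+<?php } ?>
+
+<tr>
+<th scope="row"><label for="new_admin_email"><?php _e( 'Email Address' ); ?></label></th>
+<td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" />
+<p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ); ?></p>
+<?php
+$new_admin_email = get_option( 'new_admin_email' );
+if ( $new_admin_email && $new_admin_email != get_option( 'admin_email' ) ) : ?>
+    <div class="updated inline">
+    <p><?php
+        printf(
+            /* translators: %s: new admin email */
+            __( 'There is a pending change of the admin email to %s.' ),
+            '<code>' . esc_html( $new_admin_email ) . '</code>'
+        );
+        printf(
+            ' <a href="%1$s">%2$s</a>',
+            esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . '-new_admin_email' ) ),
+            __( 'Cancel' )
+        );
+    ?></p>
+    </div>
+<?php endif; ?>
+</td>
+</tr>
+
+<?php if ( ! is_multisite() ) { ?>
+
 <tr>
 <th scope="row"><?php _e('Membership') ?></th>
@@ -90,4 +120,5 @@
 </fieldset></td>
 </tr>
+
 <tr>
 <th scope="row"><label for="default_role"><?php _e('New User Default Role') ?></label></th>
@@ -96,29 +127,5 @@
 </td>
 </tr>
-<?php } else { ?>
-<tr>
-<th scope="row"><label for="new_admin_email"><?php _e('Email Address') ?> </label></th>
-<td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" />
-<p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ) ?></p>
-<?php
-$new_admin_email = get_option( 'new_admin_email' );
-if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?>
-<div class="updated inline">
-<p><?php
-    printf(
-        /* translators: %s: new admin email */
-        __( 'There is a pending change of the admin email to %s.' ),
-        '<code>' . esc_html( $new_admin_email ) . '</code>'
-    );
-    printf(
-        ' <a href="%1$s">%2$s</a>',
-        esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . '-new_admin_email' ) ),
-        __( 'Cancel' )
-    );
-?></p>
-</div>
-<?php endif; ?>
-</td>
-</tr>
+
 <?php }
 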
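Review bot: The pending-change test on the new side, `if ( $new_admin_email && $new_admin_email != get_option( 'admin_email' ) ) : ?>`, uses loose `!=`, which compares numeric-looking strings by numeric value rather than byte-wise; `!==` states the intent and costs nothing here, since both operands are option strings. Because the single-site form now posts `new_admin_email` instead of `admin_email`, the lock-out protection the commit describes rests on the `options.php` save path no longer accepting a direct `admin_email` value outside multisite and on the confirmation link validating the stored pending value; that handler is not part of this changeset, so it cannot be confirmed from here and is worth checking in the same release. The `<?php if ( !is_multisite() ) { ?>` block that the moved rows sit between opens above the first hunk and is closed by the `<?php }` at the end of this section.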