WordPress.org

Make WordPress Core

Changeset 41617


Ignore:
Timestamp:
09/27/2017 02:16:21 PM (3 years ago)
Author:
johnbillion
Message:

Options, Meta APIs: Require a confirmation link in an email to be clicked when a user attempts to change the network
admin email address on Multisite.

This mirrors the same functionality for the site admin email address and user profile email address.

Fixes #41254

Location:
trunk/src
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/ms-admin-filters.php

    r41254 r41617  
    3939add_action( 'network_admin_notices', 'update_nag',      3  );
    4040add_action( 'network_admin_notices', 'maintenance_nag', 10 );
     41
     42// Network Admin Hooks
     43add_action( 'add_site_option_new_admin_email',    'update_network_option_new_admin_email', 10, 2 );
     44add_action( 'update_site_option_new_admin_email', 'update_network_option_new_admin_email', 10, 2 );
  • trunk/src/wp-admin/network/settings.php

    r41289 r41617  
    1919$title = __( 'Network Settings' );
    2020$parent_file = 'settings.php';
     21
     22// Handle network admin email change requests
     23if ( ! empty( $_GET[ 'network_admin_hash' ] ) ) {
     24    $new_admin_details = get_site_option( 'network_admin_hash' );
     25    $redirect = 'settings.php?updated=false';
     26    if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'network_admin_hash' ] ) && ! empty( $new_admin_details[ 'newemail' ] ) ) {
     27        update_site_option( 'admin_email', $new_admin_details[ 'newemail' ] );
     28        delete_site_option( 'network_admin_hash' );
     29        delete_site_option( 'new_admin_email' );
     30        $redirect = 'settings.php?updated=true';
     31    }
     32    wp_redirect( network_admin_url( $redirect ) );
     33    exit;
     34} elseif ( ! empty( $_GET['dismiss'] ) && 'new_network_admin_email' == $_GET['dismiss'] ) {
     35    check_admin_referer( 'dismiss_new_network_admin_email' );
     36    delete_site_option( 'network_admin_hash' );
     37    delete_site_option( 'new_admin_email' );
     38    wp_redirect( network_admin_url( 'settings.php?updated=true' ) );
     39    exit;
     40}
    2141
    2242add_action( 'admin_head', 'network_settings_add_js' );
     
    5979        'first_post', 'first_page', 'first_comment', 'first_comment_url', 'first_comment_author',
    6080        'welcome_email', 'welcome_user_email', 'fileupload_maxk', 'global_terms_enabled',
    61         'illegal_names', 'limited_email_domains', 'banned_email_domains', 'WPLANG', 'admin_email',
     81        'illegal_names', 'limited_email_domains', 'banned_email_domains', 'WPLANG', 'new_admin_email',
    6282        'first_comment_email',
    6383    );
     
    112132                <th scope="row"><label for="admin_email"><?php _e( 'Network Admin Email' ) ?></label></th>
    113133                <td>
    114                     <input name="admin_email" type="email" id="admin_email" aria-describedby="admin-email-desc" class="regular-text" value="<?php echo esc_attr( get_site_option( 'admin_email' ) ) ?>" />
     134                    <input name="new_admin_email" type="email" id="admin_email" aria-describedby="admin-email-desc" class="regular-text" value="<?php echo esc_attr( get_site_option( 'admin_email' ) ) ?>" />
    115135                    <p class="description" id="admin-email-desc">
    116                         <?php _e( 'This email address will receive notifications. Registration and support emails will also come from this address.' ); ?>
    117                     </p>
     136                        <?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ); ?>
     137                    </p>
     138                    <?php
     139                    $new_admin_email = get_site_option( 'new_admin_email' );
     140                    if ( $new_admin_email && $new_admin_email != get_site_option( 'admin_email' ) ) : ?>
     141                        <div class="updated inline">
     142                        <p><?php
     143                            printf(
     144                                /* translators: %s: new network admin email */
     145                                __( 'There is a pending change of the network admin email to %s.' ),
     146                                '<code>' . esc_html( $new_admin_email ) . '</code>'
     147                            );
     148                            printf(
     149                                ' <a href="%1$s">%2$s</a>',
     150                                esc_url( wp_nonce_url( network_admin_url( 'settings.php?dismiss=new_network_admin_email' ), 'dismiss_new_network_admin_email' ) ),
     151                                __( 'Cancel' )
     152                            );
     153                        ?></p>
     154                        </div>
     155                    <?php endif; ?>
    118156                </td>
    119157            </tr>
  • trunk/src/wp-includes/ms-functions.php

    r41613 r41617  
    26042604
    26052605/**
     2606 * Send a confirmation request email when a change of network admin email address is attempted.
     2607 *
     2608 * The new network admin address will not become active until confirmed.
     2609 *
     2610 * @since 4.9.0
     2611 *
     2612 * @param string $old_value The old network admin email address.
     2613 * @param string $value     The proposed new network admin email address.
     2614 */
     2615function update_network_option_new_admin_email( $old_value, $value ) {
     2616    if ( $value == get_site_option( 'admin_email' ) || ! is_email( $value ) ) {
     2617        return;
     2618    }
     2619
     2620    $hash = md5( $value . time() . mt_rand() );
     2621    $new_admin_email = array(
     2622        'hash'     => $hash,
     2623        'newemail' => $value,
     2624    );
     2625    update_site_option( 'network_admin_hash', $new_admin_email );
     2626
     2627    $switched_locale = switch_to_locale( get_user_locale() );
     2628
     2629    /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
     2630    $email_text = __( 'Howdy ###USERNAME###,
     2631
     2632You recently requested to have the network admin email address on
     2633your network changed.
     2634
     2635If this is correct, please click on the following link to change it:
     2636###ADMIN_URL###
     2637
     2638You can safely ignore and delete this email if you do not want to
     2639take this action.
     2640
     2641This email has been sent to ###EMAIL###
     2642
     2643Regards,
     2644All at ###SITENAME###
     2645###SITEURL###' );
     2646
     2647    /**
     2648     * Filters the text of the email sent when a change of network admin email address is attempted.
     2649     *
     2650     * The following strings have a special meaning and will get replaced dynamically:
     2651     * ###USERNAME###  The current user's username.
     2652     * ###ADMIN_URL### The link to click on to confirm the email change.
     2653     * ###EMAIL###     The proposed new network admin email address.
     2654     * ###SITENAME###  The name of the network.
     2655     * ###SITEURL###   The URL to the network.
     2656     *
     2657     * @since 4.9.0
     2658     *
     2659     * @param string $email_text      Text in the email.
     2660     * @param array  $new_admin_email {
     2661     *     Data relating to the new network admin email address.
     2662     *
     2663     *     @type string $hash     The secure hash used in the confirmation link URL.
     2664     *     @type string $newemail The proposed new network admin email address.
     2665     * }
     2666     */
     2667    $content = apply_filters( 'new_network_admin_email_content', $email_text, $new_admin_email );
     2668
     2669    $current_user = wp_get_current_user();
     2670    $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
     2671    $content = str_replace( '###ADMIN_URL###', esc_url( network_admin_url( 'settings.php?network_admin_hash=' . $hash ) ), $content );
     2672    $content = str_replace( '###EMAIL###', $value, $content );
     2673    $content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );
     2674    $content = str_replace( '###SITEURL###', network_home_url(), $content );
     2675
     2676    wp_mail( $value, sprintf( __( '[%s] New Network Admin Email Address' ), wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ) ), $content );
     2677
     2678    if ( $switched_locale ) {
     2679        restore_previous_locale();
     2680    }
     2681}
     2682
     2683/**
    26062684 * Send an email to the old network admin email address when the network admin email address changes.
    26072685 *
Note: See TracChangeset for help on using the changeset viewer.