Make WordPress Core


Ignore:
Timestamp:
05/01/2018 11:33:17 PM (7 years ago)
Author:
SergeyBiryukov
Message:

Add a method to confirm user requests by email. First run.

Props mikejolley.
Merges [42791] to the 4.9 branch.
See #43443.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-login.php

    r42895 r43069  
    414414
    415415// validate action so as to default to the login screen
    416 if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login' ), true ) && false === has_filter( 'login_form_' . $action ) )
     416if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'emailconfirm' ), true ) && false === has_filter( 'login_form_' . $action ) )
    417417    $action = 'login';
    418418
     
    838838
    839839break;
     840
     841case 'emailconfirm' :
     842    if ( isset( $_GET['confirm_action'], $_GET['confirm_key'], $_GET['uid'] ) ) {
     843        $action_name = sanitize_key( wp_unslash( $_GET['confirm_action'] ) );
     844        $key         = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
     845        $uid         = sanitize_text_field( wp_unslash( $_GET['uid'] ) );
     846        $result      = check_confirm_account_action_key( $action_name, $key, $uid );
     847    } else {
     848        $result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );
     849    }
     850
     851    if ( is_wp_error( $result ) ) {
     852        /**
     853         * Fires an action hook when the account action was not confirmed.
     854         *
     855         * After running this action hook the page will die.
     856         *
     857         * @param WP_Error $result Error object.
     858         */
     859        do_action( 'account_action_failed', $result );
     860
     861        wp_die( $result );
     862    }
     863   
     864    /**
     865     * Fires an action hook when the account action has been confirmed by the user.
     866     *
     867     * Using this you can assume the user has agreed to perform the action by
     868     * clicking on the link in the confirmation email.
     869     *
     870     * After firing this action hook the page will redirect to wp-login a callback
     871     * redirects or exits first.
     872     *
     873     * @param array $result {
     874     *     Data about the action which was confirmed.
     875     *
     876     *     @type string $action Name of the action that was confirmed.
     877     *     @type string $email  Email of the user who confirmed the action.
     878     * }
     879     */
     880    do_action( 'account_action_confirmed', $result );
     881
     882    $message = '<p class="message">' . __( 'Action has been confirmed.' ) . '</p>';
     883    login_header( '', $message );
     884    login_footer();
     885    exit;
    840886
    841887case 'login' :
Note: See TracChangeset for help on using the changeset viewer.