

Timestamp:
05/01/2018 11:36:37 PM (6 years ago)
Author:
SergeyBiryukov
Message:

Privacy: fixes and updates for the method to confirm user requests by email.

  • Improve function and variable names.
  • Allow extra data to be passed with the request.
  • Make the option/user meta names more consistent.
  • Adds an inline comment explaining use of hash.

Props mikejolley.
Merges [42964] to the 4.9 branch.
See #43443.

Location:
branches/4.9
Files:
2 edited

  • branches/4.9

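--- a/branches/4.9/src/wp-login.php
+++ b/branches/4.9/src/wp-login.php
@@ -414,5 +414,5 @@
 
 // validate action so as to default to the login screen
-if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'emailconfirm' ), true ) && false === has_filter( 'login_form_' . $action ) )
+if ( !in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'verifyaccount' ), true ) && false === has_filter( 'login_form_' . $action ) )
     $action = 'login';
 
@@ -839,10 +839,10 @@
 break;
 
-case 'emailconfirm' :
+case 'verifyaccount' :
     if ( isset( $_GET['confirm_action'], $_GET['confirm_key'], $_GET['uid'] ) ) {
-        $action_name = sanitize_key( wp_unslash( $_GET['confirm_action'] ) );
         $key         = sanitize_text_field( wp_unslash( $_GET['confirm_key'] ) );
         $uid         = sanitize_text_field( wp_unslash( $_GET['uid'] ) );
-        $result      = check_confirm_account_action_key( $action_name, $key, $uid );
+        $action_name = sanitize_key( wp_unslash( $_GET['confirm_action'] ) );
+        $result      = wp_check_account_verification_key( $key, $uid, $action_name );
     } else {
         $result = new WP_Error( 'invalid_key', __( 'Invalid key' ) );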
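Review bot: The `verifyaccount` branch hands three query-string values to `wp_check_account_verification_key()` on new line 846, and nothing in the hunk records that `sanitize_text_field()` and `sanitize_key()` only normalise them, so that call appears to be the only check between the request and the confirmed action. The argument order also changed from `( $action_name, $key, $uid )` to `( $key, $uid, $action_name )`; all three are strings, so a caller left on the old order would not raise an error, and the function's definition is in the other edited file, which this page does not show. I would add a comment above the call such as `// Request values are untrusted; wp_check_account_verification_key() is what ties $key to $uid and $action_name.` and confirm that no caller still uses the old order. The `case` body continues past the end of the hunk.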