
Changeset 43388


Timestamp:
07/03/2018 04:59:36 PM (6 years ago)
Author:
flixos90
Message:

Privacy: Use consistent values for the site name and URL used in notification emails.

The functions send_confirmation_on_profile_email(), _wp_privacy_send_request_confirmation_notification(), _wp_privacy_send_erasure_fulfillment_notification(), and wp_send_user_request() all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.

Props subrataemfluence, desrosj.
Fixes #44396.

File:
1 edited

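--- a/trunk/src/wp-includes/user.php
+++ b/trunk/src/wp-includes/user.php
@@ -2734,9 +2734,5 @@
         update_user_meta( $current_user->ID, '_new_email', $new_user_email );
 
-        if ( is_multisite() ) {
-            $sitename = get_site_option( 'site_name' );
-        } else {
-            $sitename = get_option( 'blogname' );
-        }
+        $sitename = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
 
         /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
@@ -2785,8 +2781,8 @@
         $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
         $content = str_replace( '###EMAIL###', $_POST['email'], $content );
-        $content = str_replace( '###SITENAME###', wp_specialchars_decode( $sitename, ENT_QUOTES ), $content );
-        $content = str_replace( '###SITEURL###', network_home_url(), $content );
-
-        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
+        $content = str_replace( '###SITENAME###', $sitename, $content );
+        $content = str_replace( '###SITEURL###', home_url(), $content );
+
+        wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), $sitename ), $content );
 
         $_POST['email'] = $current_user->user_email;
@@ -2998,5 +2994,5 @@
         'description' => $action_description,
         'manage_url'  => $manage_url,
-        'sitename'    => get_option( 'blogname' ),
+        'sitename'    => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ),
         'siteurl'     => home_url(),
         'admin_email' => $admin_email,
@@ -3050,5 +3046,5 @@
     $content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data );
 
-    $content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content );
+    $content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
     $content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content );
     $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
@@ -3056,10 +3052,8 @@
     $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
 
-    $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
-
     $subject = sprintf(
         /* translators: 1: Site name. 2: Name of the confirmed action. */
         __( '[%1$s] Action Confirmed: %2$s' ),
-        $blogname,
+        $email_data['sitename'],
         $action_description
     );
@@ -3071,5 +3065,5 @@
      *
      * @param string $subject    The email subject.
-     * @param string $blogname   The name of the site.
+     * @param string $sitename   The name of the site.
      * @param array  $email_data {
      *     Data relating to the account action email.
@@ -3084,5 +3078,5 @@
      * }
      */
-    $subject = apply_filters( 'user_request_confirmed_email_subject', $subject, $blogname, $email_data );
+    $subject = apply_filters( 'user_request_confirmed_email_subject', $subject, $email_data['sitename'], $email_data );
 
     $email_sent = wp_mail( $email_data['admin_email'], $subject, $content );
@@ -3114,10 +3108,4 @@
         return;
     }
-
-    $subject = sprintf(
-        /* translators: %s Site name. */
-        __( '[%s] Erasure Request Fulfilled' ),
-        wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES )
-    );
 
     /**
@@ -3135,6 +3123,12 @@
         'message_recipient'  => $user_email,
         'privacy_policy_url' => get_privacy_policy_url(),
-        'sitename'           => get_option( 'blogname' ),
+        'sitename'           => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ),
         'siteurl'            => home_url(),
+    );
+
+    $subject  = sprintf(
+        /* translators: %s: Site name. */
+        __( '[%s] Erasure Request Fulfilled' ),
+        $email_data['sitename']
     );
 
@@ -3198,5 +3192,5 @@
     $content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data );
 
-    $content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content );
+    $content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
     $content = str_replace( '###PRIVACY_POLICY_URL###', $email_data['privacy_policy_url'], $content );
     $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
@@ -3361,6 +3355,6 @@
             'confirm_key' => wp_generate_user_request_key( $request_id ),
         ), wp_login_url() ),
-        'sitename'    => is_multisite() ? get_site_option( 'site_name' ) : get_option( 'blogname' ),
-        'siteurl'     => network_home_url(),
+        'sitename'    => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ),
+        'siteurl'     => home_url(),
     );
 
@@ -3413,11 +3407,9 @@
     $content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content );
     $content = str_replace( '###EMAIL###', $email_data['email'], $content );
-    $content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content );
+    $content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
     $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
 
-    $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
-
     /* translators: Privacy data request subject. 1: Site name, 2: Name of the action */
-    $subject = sprintf( __( '[%1$s] Confirm Action: %2$s' ), $blogname, $email_data['description'] );
+    $subject = sprintf( __( '[%1$s] Confirm Action: %2$s' ), $email_data['sitename'], $email_data['description'] );
 
     /**
@@ -3427,5 +3419,5 @@
      *
      * @param string $subject    The email subject.
-     * @param string $blogname   The name of the site.
+     * @param string $sitename   The name of the site.
      * @param array  $email_data {
      *     Data relating to the account action email.
@@ -3439,5 +3431,5 @@
      * }
      */
-    $subject = apply_filters( 'user_request_action_email_subject', $subject, $blogname, $email_data );
+    $subject = apply_filters( 'user_request_action_email_subject', $subject, $email_data['sitename'], $email_data );
 
     return wp_mail( $email_data['email'], $subject, $content );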
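Review bot: `$email_data['sitename']` now holds the entity-decoded site name (new lines 2996, 3125 and 3357), and that array is passed to the `user_confirmed_action_email_content` filter and to both subject filters, so callbacks that used to receive the stored, encoded `blogname` now receive literal `&`, `<`, `>` and quote characters. That is correct for the plain-text mail assembled here, but a callback that switches the message to HTML and prints the value as-is would no longer be emitting escaped text. The `$email_data` docblocks begin or end outside the visible hunks, so I cannot see the current wording of their `sitename` entries. I would document the new contract there with something like `The site name, decoded for plain-text use; escape with esc_html() before placing it in HTML.` and add a changelog line to each affected filter docblock recording that the value is now decoded.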