Make WordPress Core


Timestamp:
07/16/2018 02:23:26 PM (6 years ago)
Author:
SergeyBiryukov
Message:

Privacy: Use consistent values for the site name and URL used in notification emails.

The functions send_confirmation_on_profile_email(), _wp_privacy_send_request_confirmation_notification(), _wp_privacy_send_erasure_fulfillment_notification(), and wp_send_user_request() all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.

Props subrataemfluence, desrosj.
Merges [43388], [43390], and [43435] to the 4.9 branch.
Fixes #44396.

Location:
branches/4.9
Files:
2 edited

  • branches/4.9

  • branches/4.9/src/wp-admin/includes/file.php

    r43448 r43459  
    21002100    $email_address = $request->email;
    21012101    $export_file_url = get_post_meta( $request_id, '_export_file_url', true );
    2102     $site_name = is_multisite() ? get_site_option( 'site_name' ) : get_option( 'blogname' );
    2103     $site_url = network_home_url();
     2102    $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
     2103    $site_url = home_url();
    21042104
    21052105    $content = str_replace( '###EXPIRATION###', $expiration_date, $content );
    21062106    $content = str_replace( '###LINK###', esc_url_raw( $export_file_url ), $content );
    21072107    $content = str_replace( '###EMAIL###', $email_address, $content );
    2108     $content = str_replace( '###SITENAME###', wp_specialchars_decode( $site_name, ENT_QUOTES ), $content );
     2108    $content = str_replace( '###SITENAME###', $site_name, $content );
    21092109    $content = str_replace( '###SITEURL###', esc_url_raw( $site_url ), $content );
    21102110
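Review bot: At new line 2102, `$site_name` now holds the entity-decoded `blogname` for the rest of the function, but nothing at the assignment says so, and the decode call that used to sit at the point of use (old 2108) is gone. A later edit that reuses `$site_name` in HTML output would emit the decoded value unescaped; a one-line comment above the assignment stating that the value is decoded for the plain-text email body and subject would make that constraint visible. A smaller point on the same lines: the `###SITENAME###` replacement at 2108 runs before the `###SITEURL###` replacement at 2109, so a site name containing the literal text `###SITEURL###` would be rewritten by the next call. A single-pass substitution such as `strtr()` with an array of placeholders does not re-scan text it has already replaced and would avoid that.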
     
    21132113        sprintf(
    21142114            __( '[%s] Personal Data Export' ),
    2115             wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES )
     2115            $site_name
    21162116        ),
    21172117        $content
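Review bot: The subject at new line 2115 is only correct as long as `$site_name` was decoded earlier in the function (new line 2102, outside this hunk), and the subject line itself no longer shows that. If the assignment is ever changed back to a raw `get_option( 'blogname' )`, the subject will silently start showing entities such as `&amp;` or `&#039;`. A unit test that sets a `blogname` containing an apostrophe and an ampersand and asserts on both the email subject and the `###SITENAME###` text in the body would pin the behaviour this changeset is meant to guarantee.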