Changeset 44021


Timestamp:
12/13/2018 12:22:03 AM (10 months ago)
Author:
peterwilsoncc
Message:

Multisite: Improve messaging for previously activated users.

Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Location:
trunk/src
Files:
3 edited

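--- a/trunk/src/wp-activate.php
+++ b/trunk/src/wp-activate.php
@@ -17,4 +17,46 @@
     wp_redirect( wp_registration_url() );
     die();
+}
+
+$valid_error_codes = array( 'already_active', 'blog_taken' );
+
+list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
+$activate_cookie       = 'wp-activate-' . COOKIEHASH;
+
+$key    = '';
+$result = null;
+
+if ( ! empty( $_GET['key'] ) ) {
+    $key = $_GET['key'];
+} elseif ( ! empty( $_POST['key'] ) ) {
+    $key = $_POST['key'];
+}
+
+if ( $key ) {
+    $redirect_url = remove_query_arg( 'key' );
+
+    if ( $redirect_url !== remove_query_arg( false ) ) {
+        setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+        wp_safe_redirect( $redirect_url );
+        exit;
+    } else {
+        $result = wpmu_activate_signup( $key );
+    }
+}
+
+if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
+    $key    = $_COOKIE[ $activate_cookie ];
+    $result = wpmu_activate_signup( $key );
+    setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+}
+
+if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
+    status_header( 404 );
+} elseif ( is_wp_error( $result ) ) {
+    $error_code = $result->get_error_code();
+
+    if ( ! in_array( $error_code, $valid_error_codes ) ) {
+        status_header( 400 );
+    }
 }
 
@@ -71,4 +113,5 @@
 }
 add_action( 'wp_head', 'wpmu_activate_stylesheet' );
+add_action( 'wp_head', 'wp_sensitive_page_meta' );
 
 get_header( 'wp-activate' );
@@ -77,7 +120,5 @@
 <div id="signup-content" class="widecolumn">
     <div class="wp-activate-container">
-    <?php
-    if ( empty( $_GET['key'] ) && empty( $_POST['key'] ) ) {
-        ?>
+    <?php if ( ! $key ) { ?>
 
         <h2><?php _e( 'Activation Key Required' ); ?></h2>
@@ -93,45 +134,42 @@
 
         <?php
+} else {
+    if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
+        $signup = $result->get_error_data();
+        ?>
+            <h2><?php _e( 'Your account is now active!' ); ?></h2>
+            <?php
+            echo '<p class="lead-in">';
+            if ( $signup->domain . $signup->path == '' ) {
+                printf(
+                    /* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */
+                    __( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
+                    network_site_url( 'wp-login.php', 'login' ),
+                    $signup->user_login,
+                    $signup->user_email,
+                    wp_lostpassword_url()
+                );
+            } else {
+                printf(
+                    /* translators: 1: site URL, 2: username, 3: user email, 4: lost password URL */
+                    __( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
+                    sprintf( '<a href="http://%1$s">%1$s</a>', $signup->domain ),
+                    $signup->user_login,
+                    $signup->user_email,
+                    wp_lostpassword_url()
+                );
+            }
+            echo '</p>';
+    } elseif ( $result === null || is_wp_error( $result ) ) {
+        ?>
+            <h2><?php _e( 'An error occurred during the activation' ); ?></h2>
+            <?php if ( is_wp_error( $result ) ) : ?>
+                <p><?php echo $result->get_error_message(); ?></p>
+            <?php endif; ?>
+            <?php
     } else {
-
-        $key    = ! empty( $_GET['key'] ) ? $_GET['key'] : $_POST['key'];
-        $result = wpmu_activate_signup( $key );
-        if ( is_wp_error( $result ) ) {
-            if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
-                $signup = $result->get_error_data();
-                ?>
-                <h2><?php _e( 'Your account is now active!' ); ?></h2>
-                    <?php
-                    echo '<p class="lead-in">';
-                    if ( $signup->domain . $signup->path == '' ) {
-                        printf(
-                            /* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */
-                            __( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
-                            network_site_url( 'wp-login.php', 'login' ),
-                            $signup->user_login,
-                            $signup->user_email,
-                            wp_lostpassword_url()
-                        );
-                    } else {
-                        printf(
-                            /* translators: 1: site URL, 2: username, 3: user email, 4: lost password URL */
-                            __( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
-                            sprintf( '<a href="http://%1$s">%1$s</a>', $signup->domain ),
-                            $signup->user_login,
-                            $signup->user_email,
-                            wp_lostpassword_url()
-                        );
-                    }
-                    echo '</p>';
-            } else {
-                ?>
-                <h2><?php _e( 'An error occurred during the activation' ); ?></h2>
-                <p><?php echo $result->get_error_message(); ?></p>
-                <?php
-            }
-        } else {
-            $url  = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : '';
-            $user = get_userdata( (int) $result['user_id'] );
-            ?>
+        $url  = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : '';
+        $user = get_userdata( (int) $result['user_id'] );
+        ?>
             <h2><?php _e( 'Your account is now active!' ); ?></h2>
 
@@ -162,7 +200,7 @@
             <?php
             endif;
-        }
     }
-    ?>
+}
+?>
     </div>
 </div>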
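Review bot: The activation key is read from `$_GET['key']` / `$_POST['key']` (new lines 29–33) and from `$_COOKIE[ $activate_cookie ]` (new line 48) without checking that it is a string, and is then handed to `setcookie()` and `wpmu_activate_signup()`. A request that supplies `key` as an array parameter passes the `! empty()` test and reaches `setcookie()` with a non-string value. Guard the assignments, e.g. `if ( ! empty( $_GET['key'] ) && is_string( $_GET['key'] ) ) {`, and apply the same `is_string()` test to the cookie value before activating. Separately, both `in_array( ..., $valid_error_codes )` calls (new lines 58 and 137) would be stricter with `true` as the third argument.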
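--- a/trunk/src/wp-includes/general-template.php
+++ b/trunk/src/wp-includes/general-template.php
@@ -2872,4 +2872,22 @@
 
 /**
+ * Display a noindex,noarchive meta tag and referrer origin-when-cross-origin meta tag.
+ *
+ * Outputs a noindex,noarchive meta tag that tells web robots not to index or cache the page content.
+ * Outputs a referrer origin-when-cross-origin meta tag that tells the browser not to send the full
+ * url as a referrer to other sites when cross-origin assets are loaded.
+ *
+ * Typical usage is as a wp_head callback. add_action( 'wp_head', 'wp_sensitive_page_meta' );
+ *
+ * @since 5.0.0
+ */
+function wp_sensitive_page_meta() {
+    ?>
+    <meta name='robots' content='noindex,noarchive' />
+    <meta name='referrer' content='strict-origin-when-cross-origin' />
+    <?php
+}
+
+/**
  * Display site icon meta tags.
  *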
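Review bot: The docblock for `wp_sensitive_page_meta()` names the policy as `origin-when-cross-origin` (summary line and the second description line), but the tag it prints is `content='strict-origin-when-cross-origin'`. These are different referrer policies: the strict variant also sends no referrer when the request goes from HTTPS to a less secure destination. The comment should name the value actually emitted, e.g. ` * Display a noindex,noarchive meta tag and referrer strict-origin-when-cross-origin meta tag.` It would also help to state that the origin is still sent on cross-origin requests, so callers do not assume the referrer is suppressed entirely.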
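--- a/trunk/src/wp-login.php
+++ b/trunk/src/wp-login.php
@@ -37,5 +37,5 @@
 
     // Don't index any of these forms
-    add_action( 'login_head', 'wp_no_robots' );
+    add_action( 'login_head', 'wp_sensitive_page_meta' );
 
     add_action( 'login_head', 'wp_login_viewport_meta' );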
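Review bot: The comment `// Don't index any of these forms` above the changed line now covers only half of what the callback does, since `wp_sensitive_page_meta` (defined in general-template.php in this changeset) also emits a referrer policy tag. Suggest `// Don't index any of these forms, and limit the referrer sent to other origins.` so the intent is visible at the hook site. The enclosing block begins and ends outside this hunk.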