WordPress.org

Make WordPress Core

Changeset 44024


Ignore:
Timestamp:
12/13/2018 12:33:05 AM (12 months ago)
Author:
peterwilsoncc
Message:

Multisite: Improve messaging for previously activated users.

Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.9 branch.

Location:
branches/4.9
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-activate.php

    r43066 r44024  
    1717    wp_redirect( wp_registration_url() );
    1818    die();
     19}
     20
     21$valid_error_codes = array( 'already_active', 'blog_taken' );
     22
     23list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
     24$activate_cookie = 'wp-activate-' . COOKIEHASH;
     25
     26$key    = '';
     27$result = null;
     28
     29if ( ! empty( $_GET['key'] ) ) {
     30    $key = $_GET['key'];
     31} elseif ( ! empty( $_POST['key'] ) ) {
     32    $key = $_POST['key'];
     33}
     34
     35if ( $key ) {
     36    $redirect_url = remove_query_arg( 'key' );
     37
     38    if ( $redirect_url !== remove_query_arg( false ) ) {
     39        setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
     40        wp_safe_redirect( $redirect_url );
     41        exit;
     42    } else {
     43        $result = wpmu_activate_signup( $key );
     44    }
     45}
     46
     47if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
     48    $key    = $_COOKIE[ $activate_cookie ];
     49    $result = wpmu_activate_signup( $key );
     50    setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
     51}
     52
     53if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
     54    status_header( 404 );
     55} elseif ( is_wp_error( $result ) ) {
     56    $error_code = $result->get_error_code();
     57
     58    if ( ! in_array( $error_code, $valid_error_codes ) ) {
     59        status_header( 400 );
     60    }
    1961}
    2062
     
    70112}
    71113add_action( 'wp_head', 'wpmu_activate_stylesheet' );
     114add_action( 'wp_head', 'wp_sensitive_page_meta' );
    72115
    73116get_header( 'wp-activate' );
     
    76119<div id="signup-content" class="widecolumn">
    77120    <div class="wp-activate-container">
    78     <?php if ( empty($_GET['key']) && empty($_POST['key']) ) { ?>
     121    <?php if ( ! $key ) { ?>
    79122
    80123        <h2><?php _e('Activation Key Required') ?></h2>
     
    90133
    91134    <?php } else {
    92 
    93         $key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
    94         $result = wpmu_activate_signup( $key );
    95         if ( is_wp_error($result) ) {
    96             if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
    97                 $signup = $result->get_error_data();
    98                 ?>
    99                 <h2><?php _e('Your account is now active!'); ?></h2>
    100                 <?php
    101                 echo '<p class="lead-in">';
    102                 if ( $signup->domain . $signup->path == '' ) {
    103                     printf(
    104                         /* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */
    105                         __( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
    106                         network_site_url( 'wp-login.php', 'login' ),
    107                         $signup->user_login,
    108                         $signup->user_email,
    109                         wp_lostpassword_url()
    110                     );
    111                 } else {
    112                     printf(
    113                         /* translators: 1: site URL, 2: username, 3: user email, 4: lost password URL */
    114                         __( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
    115                         sprintf( '<a href="http://%1$s">%1$s</a>', $signup->domain ),
    116                         $signup->user_login,
    117                         $signup->user_email,
    118                         wp_lostpassword_url()
    119                     );
    120                 }
    121                 echo '</p>';
     135        if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
     136            $signup = $result->get_error_data();
     137            ?>
     138            <h2><?php _e( 'Your account is now active!' ); ?></h2>
     139            <?php
     140            echo '<p class="lead-in">';
     141            if ( $signup->domain . $signup->path == '' ) {
     142                printf(
     143                /* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */
     144                    __( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
     145                    network_site_url( 'wp-login.php', 'login' ),
     146                    $signup->user_login,
     147                    $signup->user_email,
     148                    wp_lostpassword_url()
     149                );
    122150            } else {
    123                 ?>
    124                 <h2><?php _e( 'An error occurred during the activation' ); ?></h2>
     151                printf(
     152                /* translators: 1: site URL, 2: username, 3: user email, 4: lost password URL */
     153                    __( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
     154                    sprintf( '<a href="http://%1$s">%1$s</a>', $signup->domain ),
     155                    $signup->user_login,
     156                    $signup->user_email,
     157                    wp_lostpassword_url()
     158                );
     159            }
     160            echo '</p>';
     161        } elseif ( $result === null || is_wp_error( $result ) ) {
     162            ?>
     163            <h2><?php _e( 'An error occurred during the activation' ); ?></h2>
     164            <?php if ( is_wp_error( $result ) ) : ?>
    125165                <p><?php echo $result->get_error_message(); ?></p>
    126                 <?php
    127             }
     166            <?php endif; ?>
     167            <?php
    128168        } else {
    129169            $url = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : '';
  • branches/4.9/src/wp-includes/general-template.php

    r43444 r44024  
    28142814
    28152815/**
     2816 * Display a noindex,noarchive meta tag and referrer origin-when-cross-origin meta tag.
     2817 *
     2818 * Outputs a noindex,noarchive meta tag that tells web robots not to index or cache the page content.
     2819 * Outputs a referrer origin-when-cross-origin meta tag that tells the browser not to send the full
     2820 * url as a referrer to other sites when cross-origin assets are loaded.
     2821 *
     2822 * Typical usage is as a wp_head callback. add_action( 'wp_head', 'wp_sensitive_page_meta' );
     2823 *
     2824 * @since 5.0.0
     2825 */
     2826function wp_sensitive_page_meta() {
     2827    ?>
     2828    <meta name='robots' content='noindex,noarchive' />
     2829    <meta name='referrer' content='strict-origin-when-cross-origin' />
     2830    <?php
     2831}
     2832
     2833/**
    28162834 * Display site icon meta tags.
    28172835 *
  • branches/4.9/src/wp-login.php

    r43458 r44024  
    3535
    3636    // Don't index any of these forms
    37     add_action( 'login_head', 'wp_no_robots' );
     37    add_action( 'login_head', 'wp_sensitive_page_meta' );
    3838
    3939    add_action( 'login_head', 'wp_login_viewport_meta' );
Note: See TracChangeset for help on using the changeset viewer.