WordPress.org

Make WordPress Core

Changeset 44025


Ignore:
Timestamp:
12/13/2018 12:36:24 AM (3 years ago)
Author:
peterwilsoncc
Message:

Multisite: Improve messaging for previously activated users.

Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.8 branch.

Location:
branches/4.8
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • branches/4.8

  • branches/4.8/src/wp-activate.php

    r38664 r44025  
    1717    wp_redirect( wp_registration_url() );
    1818    die();
     19}
     20
     21$valid_error_codes = array( 'already_active', 'blog_taken' );
     22
     23list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
     24$activate_cookie = 'wp-activate-' . COOKIEHASH;
     25
     26$key    = '';
     27$result = null;
     28
     29if ( ! empty( $_GET['key'] ) ) {
     30    $key = $_GET['key'];
     31} elseif ( ! empty( $_POST['key'] ) ) {
     32    $key = $_POST['key'];
     33}
     34
     35if ( $key ) {
     36    $redirect_url = remove_query_arg( 'key' );
     37
     38    if ( $redirect_url !== remove_query_arg( false ) ) {
     39        setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
     40        wp_safe_redirect( $redirect_url );
     41        exit;
     42    } else {
     43        $result = wpmu_activate_signup( $key );
     44    }
     45}
     46
     47if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
     48    $key    = $_COOKIE[ $activate_cookie ];
     49    $result = wpmu_activate_signup( $key );
     50    setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
     51}
     52
     53if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
     54    status_header( 404 );
     55} elseif ( is_wp_error( $result ) ) {
     56    $error_code = $result->get_error_code();
     57
     58    if ( ! in_array( $error_code, $valid_error_codes ) ) {
     59        status_header( 400 );
     60    }
    1961}
    2062
     
    68110}
    69111add_action( 'wp_head', 'wpmu_activate_stylesheet' );
     112add_action( 'wp_head', 'wp_sensitive_page_meta' );
    70113
    71114get_header( 'wp-activate' );
     
    74117<div id="signup-content" class="widecolumn">
    75118    <div class="wp-activate-container">
    76     <?php if ( empty($_GET['key']) && empty($_POST['key']) ) { ?>
     119    <?php if ( ! $key ) { ?>
    77120
    78121        <h2><?php _e('Activation Key Required') ?></h2>
     
    88131
    89132    <?php } else {
    90 
    91         $key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
    92         $result = wpmu_activate_signup( $key );
    93         if ( is_wp_error($result) ) {
    94             if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
    95                 $signup = $result->get_error_data();
    96                 ?>
    97                 <h2><?php _e('Your account is now active!'); ?></h2>
    98                 <?php
    99                 echo '<p class="lead-in">';
    100                 if ( $signup->domain . $signup->path == '' ) {
    101                     printf(
    102                         /* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */
    103                         __( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
    104                         network_site_url( 'wp-login.php', 'login' ),
    105                         $signup->user_login,
    106                         $signup->user_email,
    107                         wp_lostpassword_url()
    108                     );
    109                 } else {
    110                     printf(
    111                         /* translators: 1: site URL, 2: site domain, 3: username, 4: user email, 5: lost password URL */
    112                         __( 'Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.' ),
    113                         'http://' . $signup->domain,
    114                         $signup->domain,
    115                         $signup->user_login,
    116                         $signup->user_email,
    117                         wp_lostpassword_url()
    118                     );
    119                 }
    120                 echo '</p>';
     133        if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
     134            $signup = $result->get_error_data();
     135            ?>
     136            <h2><?php _e('Your account is now active!'); ?></h2>
     137            <?php
     138            echo '<p class="lead-in">';
     139            if ( $signup->domain . $signup->path == '' ) {
     140                printf(
     141                /* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */
     142                    __( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
     143                    network_site_url( 'wp-login.php', 'login' ),
     144                    $signup->user_login,
     145                    $signup->user_email,
     146                    wp_lostpassword_url()
     147                );
    121148            } else {
    122                 ?>
    123                 <h2><?php _e( 'An error occurred during the activation' ); ?></h2>
     149                printf(
     150                /* translators: 1: site URL, 2: site domain, 3: username, 4: user email, 5: lost password URL */
     151                    __( 'Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.' ),
     152                    'http://' . $signup->domain,
     153                    $signup->domain,
     154                    $signup->user_login,
     155                    $signup->user_email,
     156                    wp_lostpassword_url()
     157                );
     158            }
     159            echo '</p>';
     160        } elseif ( $result === null || is_wp_error( $result ) ) {
     161            ?>
     162            <h2><?php _e( 'An error occurred during the activation' ); ?></h2>
     163            <?php if ( is_wp_error( $result ) ) : ?>
    124164                <p><?php echo $result->get_error_message(); ?></p>
    125                 <?php
    126             }
     165            <?php endif; ?>
     166            <?php
    127167        } else {
    128168            $url = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : '';
  • branches/4.8/src/wp-includes/general-template.php

    r42918 r44025  
    27892789
    27902790/**
     2791 * Display a noindex,noarchive meta tag and referrer origin-when-cross-origin meta tag.
     2792 *
     2793 * Outputs a noindex,noarchive meta tag that tells web robots not to index or cache the page content.
     2794 * Outputs a referrer origin-when-cross-origin meta tag that tells the browser not to send the full
     2795 * url as a referrer to other sites when cross-origin assets are loaded.
     2796 *
     2797 * Typical usage is as a wp_head callback. add_action( 'wp_head', 'wp_sensitive_page_meta' );
     2798 *
     2799 * @since 5.0.0
     2800 */
     2801function wp_sensitive_page_meta() {
     2802    ?>
     2803    <meta name='robots' content='noindex,noarchive' />
     2804    <meta name='referrer' content='strict-origin-when-cross-origin' />
     2805    <?php
     2806}
     2807
     2808/**
    27912809 * Display site icon meta tags.
    27922810 *
  • branches/4.8/src/wp-login.php

    r42896 r44025  
    3535
    3636    // Don't index any of these forms
    37     add_action( 'login_head', 'wp_no_robots' );
     37    add_action( 'login_head', 'wp_sensitive_page_meta' );
    3838
    3939    add_action( 'login_head', 'wp_login_viewport_meta' );
Note: See TracChangeset for help on using the changeset viewer.