WordPress.org

Make WordPress Core

Changeset 44036 for branches/4.1


Ignore:
Timestamp:
12/13/2018 12:58:21 AM (2 years ago)
Author:
peterwilsoncc
Message:

Multisite: Improve messaging for previously activated users.

Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.1 branch.

Location:
branches/4.1
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • branches/4.1

  • branches/4.1/src/wp-activate.php

    r29554 r44036  
    1717    wp_redirect( site_url( '/wp-login.php?action=register' ) );
    1818    die();
     19}
     20
     21$valid_error_codes = array( 'already_active', 'blog_taken' );
     22
     23list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
     24$activate_cookie = 'wp-activate-' . COOKIEHASH;
     25
     26$key    = '';
     27$result = null;
     28
     29if ( ! empty( $_GET['key'] ) ) {
     30    $key = $_GET['key'];
     31} elseif ( ! empty( $_POST['key'] ) ) {
     32    $key = $_POST['key'];
     33}
     34
     35if ( $key ) {
     36    $redirect_url = remove_query_arg( 'key' );
     37
     38    if ( $redirect_url !== remove_query_arg( false ) ) {
     39        setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
     40        wp_safe_redirect( $redirect_url );
     41        exit;
     42    } else {
     43        $result = wpmu_activate_signup( $key );
     44    }
     45}
     46
     47if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
     48    $key    = $_COOKIE[ $activate_cookie ];
     49    $result = wpmu_activate_signup( $key );
     50    setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
     51}
     52
     53if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
     54    status_header( 404 );
     55} elseif ( is_wp_error( $result ) ) {
     56    $error_code = $result->get_error_code();
     57
     58    if ( ! in_array( $error_code, $valid_error_codes ) ) {
     59        status_header( 400 );
     60    }
    1961}
    2062
     
    64106}
    65107add_action( 'wp_head', 'wpmu_activate_stylesheet' );
     108add_action( 'wp_head', 'wp_sensitive_page_meta' );
    66109
    67110get_header();
     
    69112
    70113<div id="content" class="widecolumn">
    71     <?php if ( empty($_GET['key']) && empty($_POST['key']) ) { ?>
     114    <?php if ( ! $key ) { ?>
    72115
    73116        <h2><?php _e('Activation Key Required') ?></h2>
     
    83126
    84127    <?php } else {
    85 
    86         $key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
    87         $result = wpmu_activate_signup( $key );
    88         if ( is_wp_error($result) ) {
    89             if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
    90                 $signup = $result->get_error_data();
    91                 ?>
    92                 <h2><?php _e('Your account is now active!'); ?></h2>
    93                 <?php
    94                 echo '<p class="lead-in">';
    95                 if ( $signup->domain . $signup->path == '' ) {
    96                     printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
    97                 } else {
    98                     printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
    99                 }
    100                 echo '</p>';
     128        if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
     129            $signup = $result->get_error_data();
     130            ?>
     131            <h2><?php _e('Your account is now active!'); ?></h2>
     132            <?php
     133            echo '<p class="lead-in">';
     134            if ( $signup->domain . $signup->path == '' ) {
     135                printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
    101136            } else {
    102                 ?>
    103                 <h2><?php _e('An error occurred during the activation'); ?></h2>
    104                 <?php
    105                 echo '<p>'.$result->get_error_message().'</p>';
     137                printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
    106138            }
     139            echo '</p>';
     140        } elseif ( $result === null || is_wp_error( $result ) ) {
     141            ?>
     142            <h2><?php _e('An error occurred during the activation'); ?></h2>
     143            <?php if ( is_wp_error( $result ) ) {
     144                echo '<p>' . $result->get_error_message() . '</p>';
     145            } ?>
     146            <?php
    107147        } else {
    108148            $url = isset( $result['blog_id'] ) ? get_blogaddress_by_id( (int) $result['blog_id'] ) : '';
  • branches/4.1/src/wp-includes/general-template.php

    r42925 r44036  
    23652365
    23662366/**
     2367 * Display a noindex,noarchive meta tag and referrer origin-when-cross-origin meta tag.
     2368 *
     2369 * Outputs a noindex,noarchive meta tag that tells web robots not to index or cache the page content.
     2370 * Outputs a referrer origin-when-cross-origin meta tag that tells the browser not to send the full
     2371 * url as a referrer to other sites when cross-origin assets are loaded.
     2372 *
     2373 * Typical usage is as a wp_head callback. add_action( 'wp_head', 'wp_sensitive_page_meta' );
     2374 *
     2375 * @since 5.0.0
     2376 */
     2377function wp_sensitive_page_meta() {
     2378    ?>
     2379    <meta name='robots' content='noindex,noarchive' />
     2380    <meta name='referrer' content='strict-origin-when-cross-origin' />
     2381    <?php
     2382}
     2383
     2384/**
    23672385 * Whether the user should have a WYSIWIG editor.
    23682386 *
  • branches/4.1/src/wp-login.php

    r42903 r44036  
    3535
    3636    // Don't index any of these forms
    37     add_action( 'login_head', 'wp_no_robots' );
     37    add_action( 'login_head', 'wp_sensitive_page_meta' );
    3838
    3939    if ( wp_is_mobile() )
Note: See TracChangeset for help on using the changeset viewer.