Changeset 44037 for branches/4.0/src/wp-activate.php

Timestamp:

12/13/2018 01:00:49 AM (6 years ago)

Author:

peterwilsoncc

Message:

Multisite: Improve messaging for previously activated users.

Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 4.0 branch.

Location:

branches/4.0

Files:

• . (modified) (1 prop)
• src/wp-activate.php (modified) (4 diffs)

branches/4.0/src/wp-activate.php

@@ -17 +17 @@
     wp_redirect( site_url( '/wp-login.php?action=register' ) );
     die();
+}
+
+$valid_error_codes = array( 'already_active', 'blog_taken' );
+
+list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
+$activate_cookie = 'wp-activate-' . COOKIEHASH;
+
+$key    = '';
+$result = null;
+
+if ( ! empty( $_GET['key'] ) ) {
+    $key = $_GET['key'];
+} elseif ( ! empty( $_POST['key'] ) ) {
+    $key = $_POST['key'];
+}
+
+if ( $key ) {
+    $redirect_url = remove_query_arg( 'key' );
+
+    if ( $redirect_url !== remove_query_arg( false ) ) {
+        setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+        wp_safe_redirect( $redirect_url );
+        exit;
+    } else {
+        $result = wpmu_activate_signup( $key );
+    }
+}
+
+if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
+    $key    = $_COOKIE[ $activate_cookie ];
+    $result = wpmu_activate_signup( $key );
+    setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+}
+
+if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
+    status_header( 404 );
+} elseif ( is_wp_error( $result ) ) {
+    $error_code = $result->get_error_code();
+
+    if ( ! in_array( $error_code, $valid_error_codes ) ) {
+        status_header( 400 );
+    }
 }
 
@@ -64 +106 @@
 }
 add_action( 'wp_head', 'wpmu_activate_stylesheet' );
+add_action( 'wp_head', 'wp_sensitive_page_meta' );
 
 get_header();
@@ -69 +112 @@
 
 <div id="content" class="widecolumn">
-    <?php if ( empty($_GET['key']) && empty($_POST['key']) ) { ?>
+    <?php if ( ! $key ) { ?>
 
         <h2><?php _e('Activation Key Required') ?></h2>
@@ -83 +126 @@
 
     <?php } else {
-
-        $key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
-        $result = wpmu_activate_signup( $key );
-        if ( is_wp_error($result) ) {
-            if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
-                $signup = $result->get_error_data();
-                ?>
-                <h2><?php _e('Your account is now active!'); ?></h2>
-                <?php
-                echo '<p class="lead-in">';
-                if ( $signup->domain . $signup->path == '' ) {
-                    printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
-                } else {
-                    printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
-                }
-                echo '</p>';
+        if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
+            $signup = $result->get_error_data();
+            ?>
+            <h2><?php _e('Your account is now active!'); ?></h2>
+            <?php
+            echo '<p class="lead-in">';
+            if ( $signup->domain . $signup->path == '' ) {
+                printf( __('Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.'), network_site_url( 'wp-login.php', 'login' ), $signup->user_login, $signup->user_email, wp_lostpassword_url() );
             } else {
-                ?>
-                <h2><?php _e('An error occurred during the activation'); ?></h2>
-                <?php
-                echo '<p>'.$result->get_error_message().'</p>';
+                printf( __('Your site at <a href="%1$s">%2$s</a> is active. You may now log in to your site using your chosen username of &#8220;%3$s&#8221;. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%5$s">reset your password</a>.'), 'http://' . $signup->domain, $signup->domain, $signup->user_login, $signup->user_email, wp_lostpassword_url() );
             }
+            echo '</p>';
+        } elseif ( $result === null || is_wp_error( $result ) ) {
+            ?>
+            <h2><?php _e('An error occurred during the activation'); ?></h2>
+            <?php if ( is_wp_error( $result ) ) {
+                echo '<p>' . $result->get_error_message() . '</p>';
+            } ?>
+            <?php
         } else {
             $url = isset( $result['blog_id'] ) ? get_blogaddress_by_id( (int) $result['blog_id'] ) : '';