defect (bug): wp_site_admin_email_change_notification triggers wp_mail with an empty to address creating downstream wp_mail_failed

[spenserhale]

Issue Summary:
The wp_site_admin_email_change_notification function calls wp_mail with an empty “to” address when the admin_email option is not set during the site creation. This behavior leads to a downstream wp_mail_failed event being triggered.

Steps to Reproduce:

1. Create a new site:

• Using multisite, a new site can be created either through wp_insert_site() or by direct database inserts.
• This creation may occur via CLI commands, API calls, backup and restore plugins and more.

2. Update the admin_email option:

• Call update_option('admin_email', 'anyemail@…') with any valid email address.
• Observe that when the admin_email is empty initially, wp_mail is called with an empty “to” address, causing wp_mail_failed event.

Code Example:

$site_id = wp_insert_site([
‘domain’ => ‘example.com’,
‘path’ => ‘/’,
‘title’ => ‘example’,
‘lang_id’ => 1,
‘options’ => [‘blog_public’ => 0]
]);

switch_to_blog($site_id);

update_option(‘admin_email’, ‘new-admin@example.com’);

Non-Multisite:
It also affects single-site installations created without the option, for example, using backup plugins where the admin_email option may not be set during site restoration.

Preferred Behavior:
wp_site_admin_email_change_notification should include validation for the admin_email field, ensuring it is not empty before invoking wp_mail.

Updating wp_site_admin_email_change_notification to validate the old_email field, setting the $send flag to false if the old_email address is any empty value (null, empty string, etc).

Trac ticket: https://core.trac.wordpress.org/ticket/62211#ticket