From 057b221af7edaff049977d48850df3cac4a101be Mon Sep 17 00:00:00 2001 From: Felix Arntz Date: Tue, 3 Jul 2018 17:00:25 +0000 Subject: [PATCH] Privacy: Use consistent values for the site name and URL used in notification emails. The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded. Props subrataemfluence, desrosj. Fixes #44396. Built from https://develop.svn.wordpress.org/trunk@43388 git-svn-id: http://core.svn.wordpress.org/trunk@43216 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/user.php | 54 ++++++++++++++++++----------------------- wp-includes/version.php | 2 +- 2 files changed, 24 insertions(+), 32 deletions(-) diff --git a/wp-includes/user.php b/wp-includes/user.php index 472d0f8642..d39ecd83b6 100644 --- a/wp-includes/user.php +++ b/wp-includes/user.php @@ -2733,11 +2733,7 @@ function send_confirmation_on_profile_email() { ); update_user_meta( $current_user->ID, '_new_email', $new_user_email ); - if ( is_multisite() ) { - $sitename = get_site_option( 'site_name' ); - } else { - $sitename = get_option( 'blogname' ); - } + $sitename = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ $email_text = __( 
@@ -2784,10 +2780,10 @@ All at ###SITENAME### $content = str_replace( '###USERNAME###', $current_user->user_login, $content ); $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content ); $content = str_replace( '###EMAIL###', $_POST['email'], $content ); - $content = str_replace( '###SITENAME###', wp_specialchars_decode( $sitename, ENT_QUOTES ), $content ); - $content = str_replace( '###SITEURL###', network_home_url(), $content ); + $content = str_replace( '###SITENAME###', $sitename, $content ); + $content = str_replace( '###SITEURL###', home_url(), $content ); - wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content ); + wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), $sitename ), $content ); $_POST['email'] = $current_user->user_email; } @@ -2997,7 +2993,7 @@ function _wp_privacy_send_request_confirmation_notification( $request_id ) { 'user_email' => $request_data->email, 'description' => $action_description, 'manage_url' => $manage_url, - 'sitename' => get_option( 'blogname' ), + 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), 'siteurl' => home_url(), 'admin_email' => $admin_email, ); 
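Review bot: The new `###SITEURL###` line in the `@@ -2784` hunk substitutes `home_url()` unescaped, while the other three functions touched by this commit pass the site URL through `esc_url_raw()` before the replacement. Since the commit's aim is consistency and `home_url()` output is filterable, I would write `$content = str_replace( '###SITEURL###', esc_url_raw( home_url() ), $content );`. Separately, the unchanged lines still use `$_POST['email']` as both the `###EMAIL###` value and the `wp_mail()` recipient; whatever validates it lies outside this hunk, so a short comment pointing to that check would help the next reader. The body of `send_confirmation_on_profile_email()` starts before this hunk.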
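Review bot: The `'sitename'` entry in the `@@ -2997` hunk is now entity-decoded when `$email_data` is built, so every filter callback that receives `$email_data` sees the decoded name, where it previously appears to have received the stored option value. A callback that builds HTML mail from that field could then emit literal quotes, `<` or `&` unescaped, so the contract change should be documented. I would add a comment on the array line such as `// Decoded for plain-text mail; escape again before any HTML output.` and state the same in the `$sitename` description of the filter docblocks. The same applies to the `'sitename'` lines in the `@@ -3134` and `@@ -3360` hunks; the array and the function body extend beyond this hunk.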
@@ -3049,18 +3045,16 @@ All at ###SITENAME### */ $content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data ); - $content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content ); + $content = str_replace( '###SITENAME###', $email_data['sitename'], $content ); $content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content ); $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content ); $content = str_replace( '###MANAGE_URL###', esc_url_raw( $email_data['manage_url'] ), $content ); $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); - $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); - $subject = sprintf( /* translators: 1: Site name. 2: Name of the confirmed action. */ __( '[%1$s] Action Confirmed: %2$s' ), - $blogname, + $email_data['sitename'], $action_description ); @@ -3070,7 +3064,7 @@ All at ###SITENAME### * @since 4.9.7 * * @param string $subject The email subject. - * @param string $blogname The name of the site. + * @param string $sitename The name of the site. * @param array $email_data { * Data relating to the account action email. * @@ -3083,7 +3077,7 @@ All at ###SITENAME### * @type string $admin_email The administrator email receiving the mail. * } */ - $subject = apply_filters( 'user_request_confirmed_email_subject', $subject, $blogname, $email_data ); + $subject = apply_filters( 'user_request_confirmed_email_subject', $subject, $email_data['sitename'], $email_data ); $email_sent = wp_mail( $email_data['admin_email'], $subject, $content ); 
@@ -3114,12 +3108,6 @@ function _wp_privacy_send_erasure_fulfillment_notification( $request_id ) { return; } - $subject = sprintf( - /* translators: %s Site name. */ - __( '[%s] Erasure Request Fulfilled' ), - wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) - ); - /** * Filters the recipient of the data erasure fulfillment notification. * @@ -3134,10 +3122,16 @@ function _wp_privacy_send_erasure_fulfillment_notification( $request_id ) { 'request' => $request_data, 'message_recipient' => $user_email, 'privacy_policy_url' => get_privacy_policy_url(), - 'sitename' => get_option( 'blogname' ), + 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), 'siteurl' => home_url(), ); + $subject = sprintf( + /* translators: %s: Site name. */ + __( '[%s] Erasure Request Fulfilled' ), + $email_data['sitename'] + ); + if ( empty( $email_data['privacy_policy_url'] ) ) { /* translators: Do not translate SITENAME, SITEURL; those are placeholders. */ $email_text = __( @@ -3197,7 +3191,7 @@ All at ###SITENAME### */ $content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data ); - $content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content ); + $content = str_replace( '###SITENAME###', $email_data['sitename'], $content ); $content = str_replace( '###PRIVACY_POLICY_URL###', $email_data['privacy_policy_url'], $content ); $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); 
@@ -3360,8 +3354,8 @@ function wp_send_user_request( $request_id ) { 'request_id' => $request_id, 'confirm_key' => wp_generate_user_request_key( $request_id ), ), wp_login_url() ), - 'sitename' => is_multisite() ? get_site_option( 'site_name' ) : get_option( 'blogname' ), - 'siteurl' => network_home_url(), + 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ), + 'siteurl' => home_url(), ); /* translators: Do not translate DESCRIPTION, CONFIRM_URL, SITENAME, SITEURL: those are placeholders. */ @@ -3412,13 +3406,11 @@ All at ###SITENAME### $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content ); $content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content ); $content = str_replace( '###EMAIL###', $email_data['email'], $content ); - $content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content ); + $content = str_replace( '###SITENAME###', $email_data['sitename'], $content ); $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); - $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); - /* translators: Privacy data request subject. 1: Site name, 2: Name of the action */ - $subject = sprintf( __( '[%1$s] Confirm Action: %2$s' ), $blogname, $email_data['description'] ); + $subject = sprintf( __( '[%1$s] Confirm Action: %2$s' ), $email_data['sitename'], $email_data['description'] ); /** * Filters the subject of the email sent when an account action is attempted. @@ -3426,7 +3418,7 @@ All at ###SITENAME### * @since 4.9.6 * * @param string $subject The email subject. - * @param string $blogname The name of the site. + * @param string $sitename The name of the site. * @param array $email_data { * Data relating to the account action email. * 
@@ -3438,7 +3430,7 @@ All at ###SITENAME### * @type string $siteurl The site URL sending the mail. * } */ - $subject = apply_filters( 'user_request_action_email_subject', $subject, $blogname, $email_data ); + $subject = apply_filters( 'user_request_action_email_subject', $subject, $email_data['sitename'], $email_data ); return wp_mail( $email_data['email'], $subject, $content ); } diff --git a/wp-includes/version.php b/wp-includes/version.php index 906ec8a339..180689fdcc 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '5.0-alpha-43387'; +$wp_version = '5.0-alpha-43388'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.