Multisite: Improve messaging for previously activated users.

Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time.

Merges [44021] to the 5.0 branch.

Built from https://develop.svn.wordpress.org/branches/5.0@44022


git-svn-id: http://core.svn.wordpress.org/branches/5.0@43852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Peter Wilson 2018-12-13 00:28:46 +00:00
parent 6ae36b3cfd
commit 1894965f3f
4 changed files with 95 additions and 37 deletions

View File

@ -18,6 +18,48 @@ if ( !is_multisite() ) {
die(); die();
} }
$valid_error_codes = array( 'already_active', 'blog_taken' );
list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
$activate_cookie = 'wp-activate-' . COOKIEHASH;
$key = '';
$result = null;
if ( ! empty( $_GET['key'] ) ) {
$key = $_GET['key'];
} elseif ( ! empty( $_POST['key'] ) ) {
$key = $_POST['key'];
}
if ( $key ) {
$redirect_url = remove_query_arg( 'key' );
if ( $redirect_url !== remove_query_arg( false ) ) {
setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
wp_safe_redirect( $redirect_url );
exit;
} else {
$result = wpmu_activate_signup( $key );
}
}
if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
$key = $_COOKIE[ $activate_cookie ];
$result = wpmu_activate_signup( $key );
setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
}
if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
status_header( 404 );
} elseif ( is_wp_error( $result ) ) {
$error_code = $result->get_error_code();
if ( ! in_array( $error_code, $valid_error_codes ) ) {
status_header( 400 );
}
}
nocache_headers(); nocache_headers();
if ( is_object( $wp_object_cache ) ) if ( is_object( $wp_object_cache ) )
@ -69,13 +111,14 @@ function wpmu_activate_stylesheet() {
<?php <?php
} }
add_action( 'wp_head', 'wpmu_activate_stylesheet' ); add_action( 'wp_head', 'wpmu_activate_stylesheet' );
add_action( 'wp_head', 'wp_sensitive_page_meta' );
get_header( 'wp-activate' ); get_header( 'wp-activate' );
?> ?>
<div id="signup-content" class="widecolumn"> <div id="signup-content" class="widecolumn">
<div class="wp-activate-container"> <div class="wp-activate-container">
<?php if ( empty($_GET['key']) && empty($_POST['key']) ) { ?> <?php if ( ! $key ) { ?>
<h2><?php _e('Activation Key Required') ?></h2> <h2><?php _e('Activation Key Required') ?></h2>
<form name="activateform" id="activateform" method="post" action="<?php echo network_site_url('wp-activate.php'); ?>"> <form name="activateform" id="activateform" method="post" action="<?php echo network_site_url('wp-activate.php'); ?>">
@ -89,14 +132,10 @@ get_header( 'wp-activate' );
</form> </form>
<?php } else { <?php } else {
if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
$key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
$result = wpmu_activate_signup( $key );
if ( is_wp_error($result) ) {
if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
$signup = $result->get_error_data(); $signup = $result->get_error_data();
?> ?>
<h2><?php _e('Your account is now active!'); ?></h2> <h2><?php _e( 'Your account is now active!' ); ?></h2>
<?php <?php
echo '<p class="lead-in">'; echo '<p class="lead-in">';
if ( $signup->domain . $signup->path == '' ) { if ( $signup->domain . $signup->path == '' ) {
@ -119,12 +158,13 @@ get_header( 'wp-activate' );
); );
} }
echo '</p>'; echo '</p>';
} else { } elseif ( $result === null || is_wp_error( $result ) ) {
?> ?>
<h2><?php _e( 'An error occurred during the activation' ); ?></h2> <h2><?php _e( 'An error occurred during the activation' ); ?></h2>
<?php if ( is_wp_error( $result ) ) : ?>
<p><?php echo $result->get_error_message(); ?></p> <p><?php echo $result->get_error_message(); ?></p>
<?php endif; ?>
<?php <?php
}
} else { } else {
$url = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : ''; $url = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : '';
$user = get_userdata( (int) $result['user_id'] ); $user = get_userdata( (int) $result['user_id'] );

View File

@ -2812,6 +2812,24 @@ function wp_no_robots() {
echo "<meta name='robots' content='noindex,follow' />\n"; echo "<meta name='robots' content='noindex,follow' />\n";
} }
/**
* Display a noindex,noarchive meta tag and referrer origin-when-cross-origin meta tag.
*
* Outputs a noindex,noarchive meta tag that tells web robots not to index or cache the page content.
* Outputs a referrer origin-when-cross-origin meta tag that tells the browser not to send the full
* url as a referrer to other sites when cross-origin assets are loaded.
*
* Typical usage is as a wp_head callback. add_action( 'wp_head', 'wp_sensitive_page_meta' );
*
* @since 5.0.0
*/
function wp_sensitive_page_meta() {
?>
<meta name='robots' content='noindex,noarchive' />
<meta name='referrer' content='strict-origin-when-cross-origin' />
<?php
}
/** /**
* Display site icon meta tags. * Display site icon meta tags.
* *

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.0.1-alpha-44017'; $wp_version = '5.0.1-alpha-44022';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.

View File

@ -34,7 +34,7 @@ function login_header( $title = 'Log In', $message = '', $wp_error = null ) {
global $error, $interim_login, $action; global $error, $interim_login, $action;
// Don't index any of these forms // Don't index any of these forms
add_action( 'login_head', 'wp_no_robots' ); add_action( 'login_head', 'wp_sensitive_page_meta' );
add_action( 'login_head', 'wp_login_viewport_meta' ); add_action( 'login_head', 'wp_login_viewport_meta' );