Multisite: Validate new email address confirmations.

Merge of [37103] to the 4.4 branch.
Built from https://develop.svn.wordpress.org/branches/4.4@37104


git-svn-id: http://core.svn.wordpress.org/branches/4.4@37071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dominik Schilling 2016-03-30 14:49:26 +00:00
parent e0cfe8655c
commit 4d66a3b242
1 changed files with 5 additions and 4 deletions

View File

@ -83,7 +83,7 @@ if ( is_multisite()
// Execute confirmed email change. See send_confirmation_on_profile_email(). // Execute confirmed email change. See send_confirmation_on_profile_email().
if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) { if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
$new_email = get_option( $current_user->ID . '_new_email' ); $new_email = get_option( $current_user->ID . '_new_email' );
if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) { if ( $new_email && hash_equals( $new_email[ 'hash' ], $_GET[ 'newuseremail' ] ) ) {
$user = new stdClass; $user = new stdClass;
$user->ID = $current_user->ID; $user->ID = $current_user->ID;
$user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) ); $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
@ -94,7 +94,8 @@ if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $c
wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) ); wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
die(); die();
} }
} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) { } elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' );
delete_option( $current_user->ID . '_new_email' ); delete_option( $current_user->ID . '_new_email' );
wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) ); wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
die(); die();
@ -389,8 +390,8 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c
<p><?php <p><?php
printf( printf(
__( 'There is a pending change of your email to %1$s. <a href="%2$s">Cancel</a>' ), __( 'There is a pending change of your email to %1$s. <a href="%2$s">Cancel</a>' ),
'<code>' . $new_email['newemail'] . '</code>', '<code>' . esc_html( $new_email['newemail'] ) . '</code>',
esc_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) ) esc_url( wp_nonce_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ), 'dismiss-' . $current_user->ID . '_new_email' ) )
); ?></p> ); ?></p>
</div> </div>
<?php endif; ?> <?php endif; ?>