Users: Require a confirmation link in an email to be clicked when a user attempts to change their email address.

This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their account.

Props rodrigosprimo, tharsheblows, johnbillion

Fixes #16470

Built from https://develop.svn.wordpress.org/trunk@41163


git-svn-id: http://core.svn.wordpress.org/trunk@41003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
John Blackbourn 2017-07-27 02:10:42 +00:00
parent 0860bb2771
commit 62fe4be994
6 changed files with 117 additions and 110 deletions

View File

@ -99,9 +99,12 @@ add_action( 'install_themes_pre_theme-information', 'install_theme_information'
add_action( 'admin_init', 'default_password_nag_handler' ); add_action( 'admin_init', 'default_password_nag_handler' );
add_action( 'admin_notices', 'default_password_nag' ); add_action( 'admin_notices', 'default_password_nag' );
add_action( 'admin_notices', 'new_user_email_admin_notice' );
add_action( 'profile_update', 'default_password_nag_edit_user', 10, 2 ); add_action( 'profile_update', 'default_password_nag_edit_user', 10, 2 );
add_action( 'personal_options_update', 'send_confirmation_on_profile_email' );
// Update hooks. // Update hooks.
add_action( 'load-plugins.php', 'wp_plugin_update_rows', 20 ); // After wp_update_plugins() is called. add_action( 'load-plugins.php', 'wp_plugin_update_rows', 20 ); // After wp_update_plugins() is called.
add_action( 'load-themes.php', 'wp_theme_update_rows', 20 ); // After wp_update_themes() is called. add_action( 'load-themes.php', 'wp_theme_update_rows', 20 ); // After wp_update_themes() is called.

View File

@ -11,15 +11,12 @@
add_filter( 'wp_handle_upload_prefilter', 'check_upload_size' ); add_filter( 'wp_handle_upload_prefilter', 'check_upload_size' );
// User Hooks // User Hooks
add_action( 'admin_notices', 'new_user_email_admin_notice' );
add_action( 'user_admin_notices', 'new_user_email_admin_notice' ); add_action( 'user_admin_notices', 'new_user_email_admin_notice' );
add_action( 'admin_page_access_denied', '_access_denied_splash', 99 ); add_action( 'admin_page_access_denied', '_access_denied_splash', 99 );
add_action( 'add_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); add_action( 'add_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );
add_action( 'personal_options_update', 'send_confirmation_on_profile_email' );
add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 );
// Site Hooks. // Site Hooks.

View File

@ -335,109 +335,6 @@ All at ###SITENAME###
} }
} }
/**
* Sends an email when an email address change is requested.
*
* @since 3.0.0
*
* @global WP_Error $errors WP_Error object.
* @global wpdb $wpdb WordPress database object.
*/
function send_confirmation_on_profile_email() {
global $errors, $wpdb;
$current_user = wp_get_current_user();
if ( ! is_object($errors) )
$errors = new WP_Error();
if ( $current_user->ID != $_POST['user_id'] )
return false;
if ( $current_user->user_email != $_POST['email'] ) {
if ( !is_email( $_POST['email'] ) ) {
$errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address isn&#8217;t correct." ), array( 'form-field' => 'email' ) );
return;
}
if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) {
$errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address is already used." ), array( 'form-field' => 'email' ) );
delete_user_meta( $current_user->ID, '_new_email' );
return;
}
$hash = md5( $_POST['email'] . time() . mt_rand() );
$new_user_email = array(
'hash' => $hash,
'newemail' => $_POST['email']
);
update_user_meta( $current_user->ID, '_new_email', $new_user_email );
$switched_locale = switch_to_locale( get_user_locale() );
/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_text = __( 'Howdy ###USERNAME###,
You recently requested to have the email address on your account changed.
If this is correct, please click on the following link to change it:
###ADMIN_URL###
You can safely ignore and delete this email if you do not want to
take this action.
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###' );
/**
* Filters the email text sent when a user changes emails.
*
* The following strings have a special meaning and will get replaced dynamically:
* ###USERNAME### The current user's username.
* ###ADMIN_URL### The link to click on to confirm the email change.
* ###EMAIL### The new email.
* ###SITENAME### The name of the site.
* ###SITEURL### The URL to the site.
*
* @since MU
*
* @param string $email_text Text in the email.
* @param string $new_user_email New user email that the current user has changed to.
*/
$content = apply_filters( 'new_user_email_content', $email_text, $new_user_email );
$content = str_replace( '###USERNAME###', $current_user->user_login, $content );
$content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
$content = str_replace( '###EMAIL###', $_POST['email'], $content);
$content = str_replace( '###SITENAME###', wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES ), $content );
$content = str_replace( '###SITEURL###', network_home_url(), $content );
wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
$_POST['email'] = $current_user->user_email;
if ( $switched_locale ) {
restore_previous_locale();
}
}
}
/**
* Adds an admin notice alerting the user to check for confirmation email
* after email address change.
*
* @since 3.0.0
*
* @global string $pagenow
*/
function new_user_email_admin_notice() {
global $pagenow;
if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) {
/* translators: %s: New email address */
echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>';
}
}
/** /**
* Check whether a site has used its allotted upload space. * Check whether a site has used its allotted upload space.
* *

View File

@ -88,13 +88,13 @@ if ( is_multisite()
} }
// Execute confirmed email change. See send_confirmation_on_profile_email(). // Execute confirmed email change. See send_confirmation_on_profile_email().
if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) { if ( IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
$new_email = get_user_meta( $current_user->ID, '_new_email', true ); $new_email = get_user_meta( $current_user->ID, '_new_email', true );
if ( $new_email && hash_equals( $new_email[ 'hash' ], $_GET[ 'newuseremail' ] ) ) { if ( $new_email && hash_equals( $new_email[ 'hash' ], $_GET[ 'newuseremail' ] ) ) {
$user = new stdClass; $user = new stdClass;
$user->ID = $current_user->ID; $user->ID = $current_user->ID;
$user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) ); $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) { if ( is_multisite() && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) ); $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
} }
wp_update_user( $user ); wp_update_user( $user );
@ -104,7 +104,7 @@ if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $c
} else { } else {
wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) ); wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) );
} }
} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) { } elseif ( IS_PROFILE_PAGE && ! empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' ); check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' );
delete_user_meta( $current_user->ID, '_new_email' ); delete_user_meta( $current_user->ID, '_new_email' );
wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) ); wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );

View File

@ -2590,3 +2590,113 @@ function _wp_get_current_user() {
return $current_user; return $current_user;
} }
/**
* Sends an email when an email address change is requested.
*
* @since 3.0.0
* @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific.
*
* @global WP_Error $errors WP_Error object.
* @global wpdb $wpdb WordPress database object.
*/
function send_confirmation_on_profile_email() {
global $errors, $wpdb;
$current_user = wp_get_current_user();
if ( ! is_object( $errors ) ) {
$errors = new WP_Error();
}
if ( $current_user->ID != $_POST['user_id'] ) {
return false;
}
if ( $current_user->user_email != $_POST['email'] ) {
if ( ! is_email( $_POST['email'] ) ) {
$errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address isn&#8217;t correct." ), array(
'form-field' => 'email',
) );
return;
}
if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_email FROM {$wpdb->users} WHERE user_email=%s", $_POST['email'] ) ) ) {
$errors->add( 'user_email', __( "<strong>ERROR</strong>: The email address is already used." ), array(
'form-field' => 'email',
) );
delete_user_meta( $current_user->ID, '_new_email' );
return;
}
$hash = md5( $_POST['email'] . time() . mt_rand() );
$new_user_email = array(
'hash' => $hash,
'newemail' => $_POST['email'],
);
update_user_meta( $current_user->ID, '_new_email', $new_user_email );
/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_text = __( 'Howdy ###USERNAME###,
You recently requested to have the email address on your account changed.
If this is correct, please click on the following link to change it:
###ADMIN_URL###
You can safely ignore and delete this email if you do not want to
take this action.
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###' );
/**
* Filters the email text sent when a user changes emails.
*
* The following strings have a special meaning and will get replaced dynamically:
* ###USERNAME### The current user's username.
* ###ADMIN_URL### The link to click on to confirm the email change.
* ###EMAIL### The new email.
* ###SITENAME### The name of the site.
* ###SITEURL### The URL to the site.
*
* @since MU
* @since 4.9.0 This filter is no longer Multisite specific.
*
* @param string $email_text Text in the email.
* @param string $new_user_email New user email that the current user has changed to.
*/
$content = apply_filters( 'new_user_email_content', $email_text, $new_user_email );
$content = str_replace( '###USERNAME###', $current_user->user_login, $content );
$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
$content = str_replace( '###EMAIL###', $_POST['email'], $content );
$content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
$content = str_replace( '###SITEURL###', network_home_url(), $content );
wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content );
$_POST['email'] = $current_user->user_email;
}
}
/**
* Adds an admin notice alerting the user to check for confirmation email
* after email address change.
*
* @since 3.0.0
* @since 4.9.0 This function was moved from wp-admin/includes/ms.php so it's no longer Multisite specific.
*
* @global string $pagenow
*/
function new_user_email_admin_notice() {
global $pagenow;
if ( 'profile.php' === $pagenow && isset( $_GET['updated'] ) && $email = get_user_meta( get_current_user_id(), '_new_email', true ) ) {
/* translators: %s: New email address */
echo '<div class="notice notice-info"><p>' . sprintf( __( 'Your email address has not been updated yet. Please check your inbox at %s for a confirmation email.' ), '<code>' . esc_html( $email['newemail'] ) . '</code>' ) . '</p></div>';
}
}

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.9-alpha-41162'; $wp_version = '4.9-alpha-41163';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.