Multisite: Escape urls and html elements in wp-activate.php
When WPMU was merged in [12603], the intent was to go back and make sure everything was escaped. This completes that intent. Props rafiq91, rajinsharwar, costdev, oglekler, nicolefurlan, ryan, peterwilsoncc. Fixes #57336. See #11644. Built from https://develop.svn.wordpress.org/trunk@57625 git-svn-id: http://core.svn.wordpress.org/trunk@57126 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
de3ee0fde6
commit
ae4f12d406
|
@ -150,19 +150,19 @@ $blog_details = get_site();
|
||||||
printf(
|
printf(
|
||||||
/* translators: 1: Login URL, 2: Username, 3: User email address, 4: Lost password URL. */
|
/* translators: 1: Login URL, 2: Username, 3: User email address, 4: Lost password URL. */
|
||||||
__( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
|
__( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
|
||||||
network_site_url( $blog_details->path . 'wp-login.php', 'login' ),
|
esc_url( network_site_url( $blog_details->path . 'wp-login.php', 'login' ) ),
|
||||||
$signup->user_login,
|
esc_html( $signup->user_login ),
|
||||||
$signup->user_email,
|
esc_html( $signup->user_email ),
|
||||||
wp_lostpassword_url()
|
esc_url( wp_lostpassword_url() )
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
printf(
|
printf(
|
||||||
/* translators: 1: Site URL, 2: Username, 3: User email address, 4: Lost password URL. */
|
/* translators: 1: Site URL, 2: Username, 3: User email address, 4: Lost password URL. */
|
||||||
__( 'Your site at %1$s is active. You may now log in to your site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
|
__( 'Your site at %1$s is active. You may now log in to your site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
|
||||||
sprintf( '<a href="http://%1$s%2$s">%1$s%2$s</a>', $signup->domain, $blog_details->path ),
|
sprintf( '<a href="http://%1$s">%1$s</a>', esc_url( $signup->domain . $blog_details->path ) ),
|
||||||
$signup->user_login,
|
esc_html( $signup->user_login ),
|
||||||
$signup->user_email,
|
esc_html( $signup->user_email ),
|
||||||
wp_lostpassword_url()
|
esc_url( wp_lostpassword_url() )
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
echo '</p>';
|
echo '</p>';
|
||||||
|
@ -170,18 +170,18 @@ $blog_details = get_site();
|
||||||
?>
|
?>
|
||||||
<h2><?php _e( 'An error occurred during the activation' ); ?></h2>
|
<h2><?php _e( 'An error occurred during the activation' ); ?></h2>
|
||||||
<?php if ( is_wp_error( $result ) ) : ?>
|
<?php if ( is_wp_error( $result ) ) : ?>
|
||||||
<p><?php echo $result->get_error_message(); ?></p>
|
<p><?php echo esc_html( $result->get_error_message() ); ?></p>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<?php
|
<?php
|
||||||
} else {
|
} else {
|
||||||
$url = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : '';
|
$url = isset( $result['blog_id'] ) ? esc_url( get_home_url( (int) $result['blog_id'] ) ) : '';
|
||||||
$user = get_userdata( (int) $result['user_id'] );
|
$user = get_userdata( (int) $result['user_id'] );
|
||||||
?>
|
?>
|
||||||
<h2><?php _e( 'Your account is now active!' ); ?></h2>
|
<h2><?php _e( 'Your account is now active!' ); ?></h2>
|
||||||
|
|
||||||
<div id="signup-welcome">
|
<div id="signup-welcome">
|
||||||
<p><span class="h3"><?php _e( 'Username:' ); ?></span> <?php echo $user->user_login; ?></p>
|
<p><span class="h3"><?php _e( 'Username:' ); ?></span> <?php echo esc_html( $user->user_login ); ?></p>
|
||||||
<p><span class="h3"><?php _e( 'Password:' ); ?></span> <?php echo $result['password']; ?></p>
|
<p><span class="h3"><?php _e( 'Password:' ); ?></span> <?php echo esc_html( $result['password'] ); ?></p>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
@ -193,7 +193,7 @@ $blog_details = get_site();
|
||||||
<p class="view">
|
<p class="view">
|
||||||
<?php
|
<?php
|
||||||
/* translators: 1: Site URL, 2: Login URL. */
|
/* translators: 1: Site URL, 2: Login URL. */
|
||||||
printf( __( 'Your account is now activated. <a href="%1$s">View your site</a> or <a href="%2$s">Log in</a>' ), $url, esc_url( $login_url ) );
|
printf( __( 'Your account is now activated. <a href="%1$s">View your site</a> or <a href="%2$s">Log in</a>' ), esc_url( $url ), esc_url( $login_url ) );
|
||||||
?>
|
?>
|
||||||
</p>
|
</p>
|
||||||
<?php else : ?>
|
<?php else : ?>
|
||||||
|
@ -202,8 +202,8 @@ $blog_details = get_site();
|
||||||
printf(
|
printf(
|
||||||
/* translators: 1: Login URL, 2: Network home URL. */
|
/* translators: 1: Login URL, 2: Network home URL. */
|
||||||
__( 'Your account is now activated. <a href="%1$s">Log in</a> or go back to the <a href="%2$s">homepage</a>.' ),
|
__( 'Your account is now activated. <a href="%1$s">Log in</a> or go back to the <a href="%2$s">homepage</a>.' ),
|
||||||
network_site_url( $blog_details->path . 'wp-login.php', 'login' ),
|
esc_url( network_site_url( $blog_details->path . 'wp-login.php', 'login' ) ),
|
||||||
network_home_url( $blog_details->path )
|
esc_url( network_home_url( $blog_details->path ) )
|
||||||
);
|
);
|
||||||
?>
|
?>
|
||||||
</p>
|
</p>
|
||||||
|
|
|
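Review bot: In the first hunk's "Your site at %1$s is active" branch, the new `sprintf( '<a href="http://%1$s">%1$s</a>', esc_url( $signup->domain . $blog_details->path ) )` runs a URL escaper over a scheme-less host-plus-path and then reuses the result as both the tail of the href and the visible link text. esc_url() prepends `http://` to input that has no scheme, so the rendered href is likely to come out as `http://http://…`, and a domain that carries a port may be read as an unknown protocol and emptied. Escaping should follow the output context: pass the complete URL to esc_url() for the attribute and use esc_html() for the text, e.g. `sprintf( '<a href="%1$s">%2$s</a>', esc_url( 'http://' . $signup->domain . $blog_details->path ), esc_html( $signup->domain . $blog_details->path ) )`. The enclosing if/else begins above the hunk, so the condition that selects this branch is not visible here.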
@ -16,7 +16,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '6.5-alpha-57624';
|
$wp_version = '6.5-alpha-57625';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|