Multisite: Validate new email address confirmations.
Merge of [37103] to the 4.1 branch. Built from https://develop.svn.wordpress.org/branches/4.1@37107 git-svn-id: http://core.svn.wordpress.org/branches/4.1@37074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
63bde8f97e
commit
cd0d7d699d
|
@ -99,7 +99,7 @@ if ( is_multisite()
|
||||||
// Execute confirmed email change. See send_confirmation_on_profile_email().
|
// Execute confirmed email change. See send_confirmation_on_profile_email().
|
||||||
if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
|
if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
|
||||||
$new_email = get_option( $current_user->ID . '_new_email' );
|
$new_email = get_option( $current_user->ID . '_new_email' );
|
||||||
if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
|
if ( $new_email && hash_equals( $new_email[ 'hash' ], $_GET[ 'newuseremail' ] ) ) {
|
||||||
$user = new stdClass;
|
$user = new stdClass;
|
||||||
$user->ID = $current_user->ID;
|
$user->ID = $current_user->ID;
|
||||||
$user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
|
$user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
|
||||||
|
@ -110,7 +110,8 @@ if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $c
|
||||||
wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
|
wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
|
} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
|
||||||
|
check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' );
|
||||||
delete_option( $current_user->ID . '_new_email' );
|
delete_option( $current_user->ID . '_new_email' );
|
||||||
wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
|
wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
|
||||||
die();
|
die();
|
||||||
|
@ -413,7 +414,7 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c
|
||||||
$new_email = get_option( $current_user->ID . '_new_email' );
|
$new_email = get_option( $current_user->ID . '_new_email' );
|
||||||
if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) : ?>
|
if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) : ?>
|
||||||
<div class="updated inline">
|
<div class="updated inline">
|
||||||
<p><?php printf( __('There is a pending change of your e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_email['newemail'], esc_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) ) ); ?></p>
|
<p><?php printf( __('There is a pending change of your e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), esc_html( $new_email['newemail'] ), esc_url( wp_nonce_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ), 'dismiss-' . $current_user->ID . '_new_email' ) ) ); ?></p>
|
||||||
</div>
|
</div>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
</td>
|
</td>
|
||||||
|
|
Loading…
Reference in New Issue