diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php index 6143514f72..c2106b1f7f 100644 --- a/wp-admin/user-edit.php +++ b/wp-admin/user-edit.php @@ -99,7 +99,7 @@ if ( is_multisite() // Execute confirmed email change. See send_confirmation_on_profile_email(). if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) { $new_email = get_option( $current_user->ID . '_new_email' ); - if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) { + if ( $new_email && hash_equals( $new_email[ 'hash' ], $_GET[ 'newuseremail' ] ) ) { $user = new stdClass; $user->ID = $current_user->ID; $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) ); @@ -110,7 +110,8 @@ if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $c wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) ); die(); } -} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) { +} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) { + check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' ); delete_option( $current_user->ID . '_new_email' ); wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) ); die(); @@ -405,8 +406,8 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c
Cancel' ),
- '' . $new_email['newemail'] . '
',
- esc_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) )
+ '' . esc_html( $new_email['newemail'] ) . '
',
+ esc_url( wp_nonce_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ), 'dismiss-' . $current_user->ID . '_new_email' ) )
); ?>