Ticket #6163: 6163.01.patch
File 6163.01.patch, 11.7 KB (added by , 10 years ago) |
---|
-
src/bp-settings/bp-settings-actions.php
67 67 68 68 // What is missing from the profile page vs signup - 69 69 // let's double check the goodies 70 $user_email = sanitize_email( esc_html( trim( $_POST['email'] )) );70 $user_email = sanitize_email( trim( $_POST['email'] ) ); 71 71 $old_user_email = $bp->displayed_user->userdata->user_email; 72 72 73 73 // User is changing email address 74 if ( $old_user_email != $user_email ) {74 if ( $old_user_email !== $user_email ) { 75 75 76 76 // Run some tests on the email address 77 77 $email_checks = bp_core_validate_email_address( $user_email ); … … 92 92 93 93 // Store a hash to enable email validation 94 94 if ( false === $email_error ) { 95 $hash = wp_hash( $_POST['email'] ); 95 96 // Send the email change verification email 97 bp_settings_send_email_change_verification_email( $user_email, $old_user_email ); 96 98 97 $pending_email = array(98 'hash' => $hash,99 'newemail' => $user_email,100 );101 102 bp_update_user_meta( bp_displayed_user_id(), 'pending_email_change', $pending_email );103 104 $email_text = sprintf(105 __( 'Dear %1$s,106 107 You recently changed the email address associated with your account on %2$s.108 If this is correct, please click on the following link to complete the change:109 %3$s110 111 You can safely ignore and delete this email if you do not want to take this action or if you have received this email in error.112 113 This email has been sent to %4$s.114 115 Regards,116 %5$s117 %6$s', 'buddypress' ),118 bp_core_get_user_displayname( bp_displayed_user_id() ),119 bp_get_site_name(),120 esc_url( bp_displayed_user_domain() . bp_get_settings_slug() . '/?verify_email_change=' . 
$hash ),121 $user_email,122 bp_get_site_name(),123 bp_get_root_domain()124 );125 126 /**127 * Filter the email text sent when a user changes emails.128 *129 * @since BuddyPress (2.1.0)130 *131 * @param string $email_text Text of the email.132 * @param string $new_user_email New user email that the133 * current user has changed to.134 * @param string $old_user_email Existing email address135 * for the current user.136 * @param WP_User $update_user Userdata object for the current user.137 */138 $content = apply_filters( 'bp_new_user_email_content', $email_text, $user_email, $old_user_email, $update_user );139 140 // Send the verification email141 wp_mail( $user_email, sprintf( __( '[%s] Verify your new email address', 'buddypress' ), wp_specialchars_decode( bp_get_site_name() ) ), $content );142 143 99 // We mark that the change has taken place so as to ensure a 144 100 // success message, even though verification is still required 145 101 $_POST['email'] = $update_user->user_email; … … 495 451 add_action( 'bp_actions', 'bp_settings_verify_email_change' ); 496 452 497 453 /** 454 * Resend email change verification email 455 * 456 * @since BuddyPress (2.3.0) 457 */ 458 function bp_settings_resend_email_change() { 459 460 // Bail if not settings 461 if ( ! bp_is_settings_component() ) { 462 return; 463 } 464 465 // Bail if not viewing own profile 466 if ( ! bp_is_my_profile() ) { 467 return; 468 } 469 470 // Bail if not resending verification email 471 if ( ! 
isset( $_GET['resend_verification'] ) ) { 472 return; 473 } 474 475 // Get redirect address and pending email change meta 476 $pending_email = bp_get_user_meta( bp_displayed_user_id(), 'pending_email_change', true ); 477 478 // Bail if the hash provided doesn't match the one saved in the database 479 if ( urldecode( $_GET['resend_verification'] ) !== $pending_email['hash'] ) { 480 return; 481 } 482 483 // Attempt to resend email change verification 484 if ( bp_settings_send_email_change_verification_email( $pending_email['newemail'] ) ) { 485 $message = sprintf( __( 'An email has been sent to %1$s with a new verification link.', 'buddypress' ), $pending_email['newemail'] ); 486 bp_core_add_message( $message ); 487 } 488 489 // Redirect 490 $redirect_to = trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() ); 491 bp_core_redirect( $redirect_to ); 492 } 493 add_action( 'bp_actions', 'bp_settings_verify_email_change' ); 494 495 /** 498 496 * Removes 'Email' sub nav, if no component has registered options there. 499 497 * 500 498 * @since BuddyPress (2.2.0) -
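Review bot: The `add_action()` that follows the new `bp_settings_resend_email_change()` registers `'bp_settings_verify_email_change'` a second time, so the resend handler is never attached to `bp_actions`; it should read `add_action( 'bp_actions', 'bp_settings_resend_email_change' );`. Inside the handler, `$pending_email['hash']` is read without first checking that pending meta exists, and the request value is compared with `!==`. Bail early on `empty( $pending_email['hash'] )` and compare the token with `hash_equals( $pending_email['hash'], $submitted )`. The handler sends mail and rewrites user meta on a plain GET, and the only request check visible in this hunk is the hash itself, so a nonce on the resend link is worth adding.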
src/bp-settings/bp-settings-functions.php
9 9 10 10 // Exit if accessed directly 11 11 defined( 'ABSPATH' ) || exit; 12 13 /** 14 * Send an email to the displayed user for them to verify that they want to 15 * change the main email address associated with their account. 16 * 17 * In the case of a resend, a new hash is saved and provided. This invalidates 18 * old links in previous emails, increasing security by validating the most 19 * recent user intent. 20 * 21 * @since BuddyPress (2.3.0) 22 * 23 * @param string $new_email_address Email address to use going forward 24 * @param string $old_email_address Email address previously being used 25 * 26 * @return type 27 */ 28 function bp_settings_send_email_change_verification_email( $new_email_address = '', $old_email_address = '' ) { 29 30 // This is for the displayed user ID, which is typically the logged in user 31 $user_id = bp_displayed_user_id(); 32 33 // If no email address passed, attempt to use new address from pending meta 34 if ( empty( $new_email_address ) ) { 35 $pending_email = bp_get_user_meta( $user_id, 'pending_email_change', true ); 36 37 // Bail if pending email is missing newemail key, or if no pending email 38 // change could be found in user meta for this user. 39 if ( empty( $pending_email['newemail'] ) ) { 40 return false; 41 } 42 43 $user_email = $pending_email['newemail']; 44 } 45 46 // If no email address passed, use currently displayed user email address 47 if ( empty( $old_email_address ) ) { 48 $old_email_address = bp_displayed_user_email(); 49 } 50 51 // Rehash based on the user email, to invalidate previous emails 52 $hash = wp_hash( $user_email ); 53 54 // Update displayed user meta with new hash 55 bp_update_user_meta( $user_id, 'pending_email_change', array( 56 'hash' => $hash, 57 'newemail' => $user_email, 58 ) ); 59 60 // Setup a few string variables for concatenation later 61 $user_settings = trailingslashit( bp_displayed_user_domain() . 
bp_get_settings_slug() ); 62 $user_name = bp_core_get_user_displayname( $user_id ); 63 $site_name = wp_specialchars_decode( bp_get_site_name() ); 64 $site_address = bp_get_root_domain(); 65 $email_link = esc_url( add_query_arg( array( 'resend_verification' => $hash ), $user_settings ) ); 66 $email_text = __( 'Dear %1$s, 67 68 You recently changed the email address associated with your account on %2$s. 69 If this is correct, please click on the following link to complete the change: 70 %3$s 71 72 You can safely ignore and delete this email if you do not want to take this action or if you have received this email in error. 73 74 This email has been sent to %4$s. 75 76 Regards, 77 %5$s 78 %6$s', 'buddypress' ); 79 80 // Format string 81 $email_content = sprintf( 82 $email_text, 83 $user_name, 84 $site_name, 85 $email_link, 86 $user_email, 87 $site_name, 88 $site_address 89 ); 90 91 /** 92 * Filter the email text sent when a user changes emails. 93 * 94 * @since BuddyPress (2.1.0) 95 * 96 * @param string $email_text Text of the email. 97 * @param string $new_user_email New email address that the user changed to. 98 * @param string $old_user_email Existing email address for the user. 99 * @param WP_User $update_user Userdata object for the user. 100 */ 101 $content = apply_filters( 'bp_new_user_email_content', $email_content, $user_email, $old_email_address, get_userdata( $user_id ) ); 102 103 // Bail if destination or content were wiped out 104 if ( empty( $content ) || empty( $user_email ) ) { 105 return false; 106 } 107 108 // Send the verification email 109 wp_mail( $user_email, sprintf( __( '[%s] Verify your new email address', 'buddypress' ), $site_name ), $content ); 110 111 // Email was successfully sent 112 return true; 113 } -
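Review bot: `$user_email` is assigned only inside the `empty( $new_email_address )` branch, so when a caller passes an address (both call sites in bp-settings-actions.php do), `wp_hash( $user_email )`, the saved `'newemail'` value and the `wp_mail()` recipient all read an undefined variable. The function then overwrites `pending_email_change` with empty data before it reaches the `empty( $user_email )` bail-out; add `$user_email = $new_email_address;` ahead of that branch and move the emptiness check above `bp_update_user_meta()`. The mailed link is built with `'resend_verification' => $hash`, whereas the removed code used `verify_email_change`, so the link presumably no longer reaches the verification handler. The docblock's claim that a resend invalidates earlier links does not hold as written, because `wp_hash()` of the same address returns the same value; a fresh token needs a random component. The result of `wp_mail()` is ignored and `@return type` should be `@return bool`.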
src/bp-settings/bp-settings-template.php
77 77 * 78 78 * @since BuddyPress (2.1.0) 79 79 */ 80 function bp_settings_pending_email_notice() { 81 $pending_email = bp_get_user_meta( bp_displayed_user_id(), 'pending_email_change', true ); 80 function bp_settings_pending_email_notice( $args = array() ) { 81 echo bp_get_settings_pending_email_notice( $args ); 82 } 83 add_action( 'bp_before_member_settings_template', 'bp_settings_pending_email_notice' ); 82 84 85 /** 86 * Get a pending email change notice, usually for a member's settings page. 87 * 88 * @since BuddyPress (2.3.0) 89 * 90 * @param array $args 91 * @return array 92 */ 93 function bp_get_settings_pending_email_notice( $args = array() ) { 94 95 // Look for pending email change 96 $user_id = bp_displayed_user_id(); 97 $current_email = bp_get_displayed_user_email(); 98 $pending_email = bp_get_user_meta( $user_id, 'pending_email_change', true ); 99 100 // Bail if no pending email address change 83 101 if ( empty( $pending_email['newemail'] ) ) { 84 102 return; 85 103 } 86 104 87 if ( bp_get_displayed_user_email() == $pending_email['newemail'] ) { 105 // If pending change equals current address, delete the meta and bail 106 if ( $current_email === $pending_email['newemail'] ) { 107 bp_delete_user_meta( $user_id, 'pending_email_change' ); 88 108 return; 89 109 } 90 110 91 ?> 111 // Notice 112 $defaults['notice'] = array( 113 'before' => '<div id="message" class="bp-template-notice error"><p>', 114 'after' => '</p></div>', 115 'text' => __( 'An email address change from %1$s to %2$s is still pending verification.', 'buddypress' ), 116 'old_address' => '<code>' . $current_email . '</code>', 117 'new_address' => '<code>' . $pending_email['newemail'] . '</code>' 118 ); 92 119 93 <div id="message" class="bp-template-notice error"> 94 <p><?php printf( __( 'There is a pending change of your email address to <code>%1$s</code>.<br />Check your email (<code>%2$s</code>) for the verification link. 
<a href="%3$s">Cancel</a>', 'buddypress' ), $pending_email['newemail'], bp_get_displayed_user_email(), esc_url( bp_displayed_user_domain() . bp_get_settings_slug() . '/?dismiss_email_change=1' ) ) ?></p> 95 </div> 120 // Get te base URL for links 121 $base_url = trailingslashit( bp_displayed_user_domain() . bp_get_settings_slug() ); 96 122 97 <?php 123 // Setup cancel link 124 $defaults['links']['cancel'] = array( 125 'before' => '<a href="%1$s" class="%2$s">', 126 'after' => '</a>', 127 'text' => __( 'Cancel', 'buddypress' ), 128 'url' => add_query_arg( array( 'resend_verification' => $pending_email['hash'] ), $base_url ), 129 'class' => 'cancel' 130 ); 131 132 // Setup resend link 133 $defaults['links']['resend'] = array( 134 'before' => '<a href="%1$s" class="%2$s">', 135 'after' => '</a>', 136 'text' => __( 'Resend', 'buddypress' ), 137 'url' => add_query_arg( array( 'dismiss_email_change' => '1' ), $base_url ), 138 'class' => 'resend primary' 139 ); 140 141 // Parse all the args 142 $r = bp_parse_args( $args, $defaults, 'settings_pending_email_notice' ); 143 144 // Setup notice text 145 $notice_text = ! empty( $r['notice'] ) 146 ? sprintf( $r['notice']['text'], $r['notice']['old_address'], $r['notice']['new_address'] ) 147 : ''; 148 149 // Setup links, if any exist 150 if ( ! empty( $r['links'] ) ) { 151 152 // Setup links array 153 $links = array(); 154 155 // Combine link text 156 foreach( $r['links'] as $link ) { 157 $links[] = sprintf( $link['before'] . $link['text'] . $link['after'], esc_url( $link['url'] ), $link['class'] ); 158 } 159 160 // Join links together and concatenate with notice text 161 $notice_text .= join( '', $links ); 162 } 163 164 return apply_filters( 'bp_get_settings_pending_email_notice', $notice_text, $r, $args ); 98 165 } 99 add_action( 'bp_before_member_settings_template', 'bp_settings_pending_email_notice' );
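Review bot: The two link definitions have their URLs swapped: `$defaults['links']['cancel']` is built with `resend_verification` and `$defaults['links']['resend']` with `dismiss_email_change`, so Cancel would request a resend and Resend would dismiss the pending change. The addresses are concatenated into `<code>` unescaped, and `$link['text']` and `$link['class']` are placed into markup as-is even though callers and the parse-args filter can override them. Apply `esc_html()` to the text and addresses and `esc_attr()` to the class where the string is assembled. `$r['notice']['before']` and `$r['notice']['after']` are never used, so the `<div id="message">` wrapper the old template printed is missing from the output. The function returns a string or nothing, so the docblock should say `@return string` rather than `@return array`.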