Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
07/10/2016 09:46:27 PM (8 years ago)
Author:
djpaul
Message:

Emails: add unsubscribe feature.

Updates the unsubscribe token to link to a new unsubscribe action handler.

All emails from other platforms or popular websites have a unsubscribe link. For previous versions of BuddyPress, our unsubscribe link pointed to that user's notifications page. However, if someone creates an account on a BuddyPress with a fraudulent email address (for example), that email address' owner will not know the account's authentication details, and so have no way to unsubscribe from that "spam" email.

The change implements a new action handler which accepts unsubscription requests from un-authenticated requests. It adds an new option containing a dynamically generated salt which is used to generate the hash on the unsubscribe link.

Fixes #6932

Props tharsheblows, DJPaul

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-activity/bp-activity-notifications.php

    r10895 r10941  
    5454            $group_name = bp_get_current_group_name();
    5555        }
     56
     57        $unsubscribe_args = array(
     58            'user_id'           => $receiver_user_id,
     59            'notification_type' => $email_type,
     60        );
    5661
    5762        $args = array(
     
    6368                'poster.name'      => $poster_name,
    6469                'receiver-user.id' => $receiver_user_id,
     70                'unsubscribe'      => esc_url( bp_email_get_unsubscribe_link( $unsubscribe_args ) ),
    6571            ),
    6672        );
     
    114120        // Send an email if the user hasn't opted-out.
    115121        if ( 'no' != bp_get_user_meta( $original_activity->user_id, 'notification_activity_new_reply', true ) ) {
     122
     123            $unsubscribe_args = array(
     124                'user_id'           => $original_activity->user_id,
     125                'notification_type' => 'activity-comment',
     126            );
     127
    116128            $args = array(
    117129                'tokens' => array(
     
    122134                    'poster.name'               => $poster_name,
    123135                    'thread.url'                => esc_url( $thread_link ),
     136                    'unsubscribe'               => esc_url( bp_email_get_unsubscribe_link( $unsubscribe_args ) ),
    124137                ),
    125138            );
     
    156169        // Send an email if the user hasn't opted-out.
    157170        if ( 'no' != bp_get_user_meta( $parent_comment->user_id, 'notification_activity_new_reply', true ) ) {
     171
     172            $unsubscribe_args = array(
     173                'user_id'           => $parent_comment->user_id,
     174                'notification_type' => 'activity-comment-author',
     175            );
     176
    158177            $args = array(
    159178                'tokens' => array(
     
    164183                    'poster.name'            => $poster_name,
    165184                    'thread.url'             => esc_url( $thread_link ),
     185                    'unsubscribe'            => esc_url( bp_email_get_unsubscribe_link( $unsubscribe_args ) ),
    166186                ),
    167187            );
     
    179199         * @param int                  $commenter_id   ID of the user who made the comment.
    180200         * @param array                $params         Arguments used with the original activity comment.
    181          */
     201         */
    182202        do_action( 'bp_activity_sent_reply_to_reply_notification', $parent_comment, $comment_id, $commenter_id, $params );
    183203    }
Note: See TracChangeset for help on using the changeset viewer.