Changeset 10941 for trunk/src/bp-activity/bp-activity-notifications.php

Timestamp:

07/10/2016 09:46:27 PM (9 years ago)

Author:

djpaul

Message:

Emails: add unsubscribe feature.

Updates the unsubscribe token to link to a new unsubscribe action handler.

All emails from other platforms or popular websites have a unsubscribe link. For previous versions of BuddyPress, our unsubscribe link pointed to that user's notifications page. However, if someone creates an account on a BuddyPress with a fraudulent email address (for example), that email address' owner will not know the account's authentication details, and so have no way to unsubscribe from that "spam" email.

The change implements a new action handler which accepts unsubscription requests from un-authenticated requests. It adds an new option containing a dynamically generated salt which is used to generate the hash on the unsubscribe link.

Fixes #6932

Props tharsheblows, DJPaul

File:

• trunk/src/bp-activity/bp-activity-notifications.php (modified) (7 diffs)

trunk/src/bp-activity/bp-activity-notifications.php

@@ -54 +54 @@
             $group_name = bp_get_current_group_name();
         }
+
+        $unsubscribe_args = array(
+            'user_id'           => $receiver_user_id,
+            'notification_type' => $email_type,
+        );
 
         $args = array(
@@ -63 +68 @@
                 'poster.name'      => $poster_name,
                 'receiver-user.id' => $receiver_user_id,
+                'unsubscribe'      => esc_url( bp_email_get_unsubscribe_link( $unsubscribe_args ) ),
             ),
         );
@@ -114 +120 @@
         // Send an email if the user hasn't opted-out.
         if ( 'no' != bp_get_user_meta( $original_activity->user_id, 'notification_activity_new_reply', true ) ) {
+
+            $unsubscribe_args = array(
+                'user_id'           => $original_activity->user_id,
+                'notification_type' => 'activity-comment',
+            );
+
             $args = array(
                 'tokens' => array(
@@ -122 +134 @@
                     'poster.name'               => $poster_name,
                     'thread.url'                => esc_url( $thread_link ),
+                    'unsubscribe'               => esc_url( bp_email_get_unsubscribe_link( $unsubscribe_args ) ),
                 ),
             );
@@ -156 +169 @@
         // Send an email if the user hasn't opted-out.
         if ( 'no' != bp_get_user_meta( $parent_comment->user_id, 'notification_activity_new_reply', true ) ) {
+
+            $unsubscribe_args = array(
+                'user_id'           => $parent_comment->user_id,
+                'notification_type' => 'activity-comment-author',
+            );
+
             $args = array(
                 'tokens' => array(
@@ -164 +183 @@
                     'poster.name'            => $poster_name,
                     'thread.url'             => esc_url( $thread_link ),
+                    'unsubscribe'            => esc_url( bp_email_get_unsubscribe_link( $unsubscribe_args ) ),
                 ),
             );
@@ -179 +199 @@
          * @param int                  $commenter_id   ID of the user who made the comment.
          * @param array                $params         Arguments used with the original activity comment.
-         */
+         */
         do_action( 'bp_activity_sent_reply_to_reply_notification', $parent_comment, $comment_id, $commenter_id, $params );
     }