Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
07/10/2016 09:46:27 PM (8 years ago)
Author:
djpaul
Message:

Emails: add unsubscribe feature.

Updates the unsubscribe token to link to a new unsubscribe action handler.

All emails from other platforms or popular websites have a unsubscribe link. For previous versions of BuddyPress, our unsubscribe link pointed to that user's notifications page. However, if someone creates an account on a BuddyPress with a fraudulent email address (for example), that email address' owner will not know the account's authentication details, and so have no way to unsubscribe from that "spam" email.

The change implements a new action handler which accepts unsubscription requests from un-authenticated requests. It adds an new option containing a dynamically generated salt which is used to generate the hash on the unsubscribe link.

Fixes #6932

Props tharsheblows, DJPaul

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-core/bp-core-filters.php

    r10899 r10941  
    10311031    $tokens['recipient.name']      = '';
    10321032    $tokens['recipient.username']  = '';
    1033     $tokens['unsubscribe']         = site_url( 'wp-login.php' );
    10341033
    10351034
     
    10481047
    10491048        if ( $user_obj ) {
    1050             // Unsubscribe link.
    1051             $tokens['unsubscribe'] = esc_url( sprintf(
    1052                 '%s%s/notifications/',
    1053                 bp_core_get_user_domain( $user_obj->ID ),
    1054                 function_exists( 'bp_get_settings_slug' ) ? bp_get_settings_slug() : 'settings'
    1055             ) );
    10561049            $tokens['recipient.username'] = $user_obj->user_login;
    1057         }
     1050            if ( bp_is_active( 'settings' ) && empty( $tokens['unsubscribe'] ) ) {
     1051                $tokens['unsubscribe'] = esc_url( sprintf(
     1052                    '%s%s/notifications/',
     1053                    bp_core_get_user_domain( $user_obj->ID ),
     1054                    bp_get_settings_slug()
     1055                ) );
     1056            }
     1057        }
     1058    }
     1059
     1060    // Set default unsubscribe link if not passed.
     1061    if ( empty( $tokens['unsubscribe'] ) ) {
     1062        $tokens['unsubscribe'] = site_url( 'wp-login.php' );
    10581063    }
    10591064
Note: See TracChangeset for help on using the changeset viewer.