Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
07/10/2016 09:46:27 PM (8 years ago)
Author:
djpaul
Message:

Emails: add unsubscribe feature.

Updates the unsubscribe token to link to a new unsubscribe action handler.

All emails from other platforms or popular websites have a unsubscribe link. For previous versions of BuddyPress, our unsubscribe link pointed to that user's notifications page. However, if someone creates an account on a BuddyPress with a fraudulent email address (for example), that email address' owner will not know the account's authentication details, and so have no way to unsubscribe from that "spam" email.

The change implements a new action handler which accepts unsubscription requests from un-authenticated requests. It adds an new option containing a dynamically generated salt which is used to generate the hash on the unsubscribe link.

Fixes #6932

Props tharsheblows, DJPaul

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-core/bp-core-update.php

    r10902 r10941  
    264264            bp_update_to_2_5();
    265265        }
     266
     267        // Version 2.7.0.
     268        if ( $raw_db_version < 10940 ) {
     269            bp_update_to_2_7();
     270        }
    266271    }
    267272
     
    498503function bp_update_to_2_5() {
    499504    bp_core_install_emails();
     505}
     506
     507/**
     508 * 2.7.0 update routine.
     509 *
     510 * - Add email unsubscribe salt.
     511 *
     512 * @since 2.7.0
     513 */
     514function bp_update_to_2_7() {
     515    bp_add_option( 'bp-emails-unsubscribe-salt', base64_encode( wp_generate_password( 64, true, true ) ) );
    500516}
    501517
Note: See TracChangeset for help on using the changeset viewer.