Context Navigation

← Previous Change
Next Change →

bp-core-template.php

Timestamp:

12/12/2017 02:26:15 AM (8 years ago)

Author:

boonebgorges

Message:

Members: Require a form submission to activate an account.

Previously, simply loading a URL of the form /activate/12345 would activate
the account with key 12345. This caused conflicts with some mail scanning
services, which follow links in emails, causing accounts to be self-activated.

A small backward-compatibility layer ensures that custom activate.php
templates containing forms with action="get" continue to work.

Fixes #6049.

File:

: 1 edited

trunk/src/bp-core/bp-core-template.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/bp-core/bp-core-template.php

-                      r11763
+                      r11766
  */
 function bp_account_was_activated() {
+    $bp                  = buddypress();
+    $activation_complete = !empty( $bp->activation_complete )
+        ? $bp->activation_complete
+        : false;
+    $activation_complete = ! empty( buddypress()->activation_complete ) || ( bp_is_current_component( 'activate' ) && ! empty( $_GET['activated'] ) );
     return $activation_complete;

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

BuddyPress.org

Context Navigation

Changeset 11766 for trunk/src/bp-core/bp-core-template.php

Legend:

trunk/src/bp-core/bp-core-template.php

Download in other formats: