Changeset 11766 for trunk/src/bp-members/bp-members-screens.php

Timestamp:

12/12/2017 02:26:15 AM (8 years ago)

Author:

boonebgorges

Message:

Members: Require a form submission to activate an account.

Previously, simply loading a URL of the form /activate/12345 would activate
the account with key 12345. This caused conflicts with some mail scanning
services, which follow links in emails, causing accounts to be self-activated.

A small backward-compatibility layer ensures that custom activate.php
templates containing forms with action="get" continue to work.

Fixes #6049.

File:

• trunk/src/bp-members/bp-members-screens.php (modified) (2 diffs)

trunk/src/bp-members/bp-members-screens.php

@@ -291 +291 @@
  *
  * @since 1.1.0
- *
- * @todo Move the actual activation process into an action in bp-members-actions.php
  */
 function bp_core_screen_activation() {
@@ -326 +324 @@
     }
 
-    // Grab the key (the old way).
-    $key = isset( $_GET['key'] ) ? $_GET['key'] : '';
-
-    // Grab the key (the new way).
-    if ( empty( $key ) ) {
-        $key = bp_current_action();
-    }
-
     // Get BuddyPress.
     $bp = buddypress();
-
-    // We've got a key; let's attempt to activate the signup.
-    if ( ! empty( $key ) ) {
-
-        /**
-         * Filters the activation signup.
-         *
-         * @since 1.1.0
-         *
-         * @param bool|int $value Value returned by activation.
-         *                        Integer on success, boolean on failure.
-         */
-        $user = apply_filters( 'bp_core_activate_account', bp_core_activate_signup( $key ) );
-
-        // If there were errors, add a message and redirect.
-        if ( ! empty( $user->errors ) ) {
-            bp_core_add_message( $user->get_error_message(), 'error' );
-            bp_core_redirect( trailingslashit( bp_get_root_domain() . '/' . $bp->pages->activate->slug ) );
-        }
-
-        bp_core_add_message( __( 'Your account is now active!', 'buddypress' ) );
-        $bp->activation_complete = true;
-    }
 
     /**