Changeset 11766 for trunk/src/bp-templates/bp-legacy/buddypress/members/activate.php

Timestamp:

12/12/2017 02:26:15 AM (5 years ago)

Author:

boonebgorges

Message:

Members: Require a form submission to activate an account.

Previously, simply loading a URL of the form /activate/12345 would activate
the account with key 12345. This caused conflicts with some mail scanning
services, which follow links in emails, causing accounts to be self-activated.

A small backward-compatibility layer ensures that custom activate.php
templates containing forms with action="get" continue to work.

Fixes #6049.

File:

• trunk/src/bp-templates/bp-legacy/buddypress/members/activate.php (modified) (1 diff)

trunk/src/bp-templates/bp-legacy/buddypress/members/activate.php

@@ -51 +51 @@
             <p><?php _e( 'Please provide a valid activation key.', 'buddypress' ); ?></p>
 
-            <form action="" method="get" class="standard-form" id="activation-form">
+            <form action="" method="post" class="standard-form" id="activation-form">
 
                 <label for="key"><?php _e( 'Activation Key:', 'buddypress' ); ?></label>
-                <input type="text" name="key" id="key" value="" />
+                <input type="text" name="key" id="key" value="<?php echo esc_attr( bp_get_current_activation_key() ); ?>" />
 
                 <p class="submit">