Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
12/12/2017 02:26:15 AM (4 years ago)
Author:
boonebgorges
Message:

Members: Require a form submission to activate an account.

Previously, simply loading a URL of the form /activate/12345 would activate
the account with key 12345. This caused conflicts with some mail scanning
services, which follow links in emails, causing accounts to be self-activated.

A small backward-compatibility layer ensures that custom activate.php
templates containing forms with action="get" continue to work.

Fixes #6049.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/bp-templates/bp-legacy/buddypress/members/activate.php

    r11171 r11766  
    5151            <p><?php _e( 'Please provide a valid activation key.', 'buddypress' ); ?></p>
    5252
    53             <form action="" method="get" class="standard-form" id="activation-form">
     53            <form action="" method="post" class="standard-form" id="activation-form">
    5454
    5555                <label for="key"><?php _e( 'Activation Key:', 'buddypress' ); ?></label>
    56                 <input type="text" name="key" id="key" value="" />
     56                <input type="text" name="key" id="key" value="<?php echo esc_attr( bp_get_current_activation_key() ); ?>" />
    5757
    5858                <p class="submit">
Note: See TracChangeset for help on using the changeset viewer.