sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Users: Use self_admin_url() for the email change confirmation link.

Browse Source 
Prevents sending users to wp-admin/profile.php if they only have access to wp-admin/user/profile.php.

Props dave.pullig.
Fixes #38451.

git-svn-id: https://develop.svn.wordpress.org/trunk@38876 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dominik Schilling (ocean90) 2016-10-23 14:01:53 +00:00
parent 633c58b4e4
commit 3a97668d06
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-admin/includes/ms.php
View File

@ -388,7 +388,7 @@ All at ###SITENAME###
$content = apply_filters( 'new_user_email_content', $email_text, $new_user_email );
$content = str_replace( '###USERNAME###', $current_user->user_login, $content );
$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail='.$hash ) ), $content );
$content = str_replace( '###ADMIN_URL###', esc_url( self_admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
$content = str_replace( '###EMAIL###', $_POST['email'], $content);
$content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content );
$content = str_replace( '###SITEURL###', network_home_url(), $content );