sergiotarxz/Wordpress
sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Admin email verification:

Browse Source 
- Add the `admin_email_lifespan` option when installing. Fixes a bug where the verification screen is shown right after installation.
- Reset the same option when upgrading and the user doing the DB upgrade is not an admin. This will ensure the email verification is shown next time an admin logs in.
- Use `site_url()` instead of `network_site_url()` for the form action. The latter seems needed only for password reset.

See #46349.

git-svn-id: https://develop.svn.wordpress.org/trunk@45788 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Ozz 2019-08-13 17:39:06 +00:00
parent feb0830c79
commit 6dad32d2ae
3 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/wp-admin/includes/schema.php
View File

@ -542,6 +542,9 @@ function populate_options( array $options = array() ) {
// 4.9.8
'show_comments_cookies_opt_in' => 1,
// 5.3.0
'admin_email_lifespan' => ( time() + 6 * MONTH_IN_SECONDS ),
);
// 3.3

12
src/wp-admin/includes/upgrade.php
View File

@ -2125,10 +2125,14 @@ function upgrade_510() {
* @since 5.3.0
*/
function upgrade_530() {
// Do `add_option()` rather than overwriting with `update_option()` as this may run
// after an admin was redirected to the email verification screen,
// and the option was updated.
add_option( 'admin_email_lifespan', 0 );
// The `admin_email_lifespan` option may have been set by an admin that just logged in,
// saw the verification screen, clicked on a button there, and is now upgrading the db,
// or by populate_options() that is called earlier in upgrade_all().
// In the second case `admin_email_lifespan` should be reset so the verification screen
// is shown next time an admin logs in.
if ( function_exists( 'current_user_can' ) && ! current_user_can( 'manage_options' ) ) {
update_option( 'admin_email_lifespan', 0 );
}
}
/**

4
src/wp-login.php
View File

@ -594,7 +594,7 @@ switch ( $action ) {
*
* @param int Interval time (in seconds).
*/
$admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 180 * DAY_IN_SECONDS );
$admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS );
if ( $admin_email_check_interval > 0 ) {
update_option( 'admin_email_lifespan', time() + $admin_email_check_interval );
@ -617,7 +617,7 @@ switch ( $action ) {
?>
<form class="admin-email-confirm-form" name="admin-email-confirm-form" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=confirm_admin_email', 'login_post' ) ); ?>" method="post">
<form class="admin-email-confirm-form" name="admin-email-confirm-form" action="<?php echo esc_url( site_url( 'wp-login.php?action=confirm_admin_email', 'login_post' ) ); ?>" method="post">
<?php
/**
* Fires inside the admin-email-confirm-form form tags, before the hidden fields.