Privacy: Use consistent values for the site name and URL used in notification emails.
The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded. Props subrataemfluence, desrosj. Fixes #44396. git-svn-id: https://develop.svn.wordpress.org/trunk@43388 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
d448c448ca
commit
97cacadc50
@ -2733,11 +2733,7 @@ function send_confirmation_on_profile_email() {
|
|||||||
);
|
);
|
||||||
update_user_meta( $current_user->ID, '_new_email', $new_user_email );
|
update_user_meta( $current_user->ID, '_new_email', $new_user_email );
|
||||||
|
|
||||||
if ( is_multisite() ) {
|
$sitename = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
||||||
$sitename = get_site_option( 'site_name' );
|
|
||||||
} else {
|
|
||||||
$sitename = get_option( 'blogname' );
|
|
||||||
}
|
|
||||||
|
|
||||||
/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
|
/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
|
||||||
$email_text = __(
|
$email_text = __(
|
||||||
@ -2784,10 +2780,10 @@ All at ###SITENAME###
|
|||||||
$content = str_replace( '###USERNAME###', $current_user->user_login, $content );
|
$content = str_replace( '###USERNAME###', $current_user->user_login, $content );
|
||||||
$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
|
$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
|
||||||
$content = str_replace( '###EMAIL###', $_POST['email'], $content );
|
$content = str_replace( '###EMAIL###', $_POST['email'], $content );
|
||||||
$content = str_replace( '###SITENAME###', wp_specialchars_decode( $sitename, ENT_QUOTES ), $content );
|
$content = str_replace( '###SITENAME###', $sitename, $content );
|
||||||
$content = str_replace( '###SITEURL###', network_home_url(), $content );
|
$content = str_replace( '###SITEURL###', home_url(), $content );
|
||||||
|
|
||||||
wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content );
|
wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), $sitename ), $content );
|
||||||
|
|
||||||
$_POST['email'] = $current_user->user_email;
|
$_POST['email'] = $current_user->user_email;
|
||||||
}
|
}
|
||||||
@ -2997,7 +2993,7 @@ function _wp_privacy_send_request_confirmation_notification( $request_id ) {
|
|||||||
'user_email' => $request_data->email,
|
'user_email' => $request_data->email,
|
||||||
'description' => $action_description,
|
'description' => $action_description,
|
||||||
'manage_url' => $manage_url,
|
'manage_url' => $manage_url,
|
||||||
'sitename' => get_option( 'blogname' ),
|
'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ),
|
||||||
'siteurl' => home_url(),
|
'siteurl' => home_url(),
|
||||||
'admin_email' => $admin_email,
|
'admin_email' => $admin_email,
|
||||||
);
|
);
|
||||||
@ -3049,18 +3045,16 @@ All at ###SITENAME###
|
|||||||
*/
|
*/
|
||||||
$content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data );
|
$content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data );
|
||||||
|
|
||||||
$content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content );
|
$content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
|
||||||
$content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content );
|
$content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content );
|
||||||
$content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
|
$content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
|
||||||
$content = str_replace( '###MANAGE_URL###', esc_url_raw( $email_data['manage_url'] ), $content );
|
$content = str_replace( '###MANAGE_URL###', esc_url_raw( $email_data['manage_url'] ), $content );
|
||||||
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
|
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
|
||||||
|
|
||||||
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
|
||||||
|
|
||||||
$subject = sprintf(
|
$subject = sprintf(
|
||||||
/* translators: 1: Site name. 2: Name of the confirmed action. */
|
/* translators: 1: Site name. 2: Name of the confirmed action. */
|
||||||
__( '[%1$s] Action Confirmed: %2$s' ),
|
__( '[%1$s] Action Confirmed: %2$s' ),
|
||||||
$blogname,
|
$email_data['sitename'],
|
||||||
$action_description
|
$action_description
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -3070,7 +3064,7 @@ All at ###SITENAME###
|
|||||||
* @since 4.9.7
|
* @since 4.9.7
|
||||||
*
|
*
|
||||||
* @param string $subject The email subject.
|
* @param string $subject The email subject.
|
||||||
* @param string $blogname The name of the site.
|
* @param string $sitename The name of the site.
|
||||||
* @param array $email_data {
|
* @param array $email_data {
|
||||||
* Data relating to the account action email.
|
* Data relating to the account action email.
|
||||||
*
|
*
|
||||||
@ -3083,7 +3077,7 @@ All at ###SITENAME###
|
|||||||
* @type string $admin_email The administrator email receiving the mail.
|
* @type string $admin_email The administrator email receiving the mail.
|
||||||
* }
|
* }
|
||||||
*/
|
*/
|
||||||
$subject = apply_filters( 'user_request_confirmed_email_subject', $subject, $blogname, $email_data );
|
$subject = apply_filters( 'user_request_confirmed_email_subject', $subject, $email_data['sitename'], $email_data );
|
||||||
|
|
||||||
$email_sent = wp_mail( $email_data['admin_email'], $subject, $content );
|
$email_sent = wp_mail( $email_data['admin_email'], $subject, $content );
|
||||||
|
|
||||||
@ -3114,12 +3108,6 @@ function _wp_privacy_send_erasure_fulfillment_notification( $request_id ) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$subject = sprintf(
|
|
||||||
/* translators: %s Site name. */
|
|
||||||
__( '[%s] Erasure Request Fulfilled' ),
|
|
||||||
wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES )
|
|
||||||
);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the recipient of the data erasure fulfillment notification.
|
* Filters the recipient of the data erasure fulfillment notification.
|
||||||
*
|
*
|
||||||
@ -3134,10 +3122,16 @@ function _wp_privacy_send_erasure_fulfillment_notification( $request_id ) {
|
|||||||
'request' => $request_data,
|
'request' => $request_data,
|
||||||
'message_recipient' => $user_email,
|
'message_recipient' => $user_email,
|
||||||
'privacy_policy_url' => get_privacy_policy_url(),
|
'privacy_policy_url' => get_privacy_policy_url(),
|
||||||
'sitename' => get_option( 'blogname' ),
|
'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ),
|
||||||
'siteurl' => home_url(),
|
'siteurl' => home_url(),
|
||||||
);
|
);
|
||||||
|
|
||||||
|
$subject = sprintf(
|
||||||
|
/* translators: %s: Site name. */
|
||||||
|
__( '[%s] Erasure Request Fulfilled' ),
|
||||||
|
$email_data['sitename']
|
||||||
|
);
|
||||||
|
|
||||||
if ( empty( $email_data['privacy_policy_url'] ) ) {
|
if ( empty( $email_data['privacy_policy_url'] ) ) {
|
||||||
/* translators: Do not translate SITENAME, SITEURL; those are placeholders. */
|
/* translators: Do not translate SITENAME, SITEURL; those are placeholders. */
|
||||||
$email_text = __(
|
$email_text = __(
|
||||||
@ -3197,7 +3191,7 @@ All at ###SITENAME###
|
|||||||
*/
|
*/
|
||||||
$content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data );
|
$content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data );
|
||||||
|
|
||||||
$content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content );
|
$content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
|
||||||
$content = str_replace( '###PRIVACY_POLICY_URL###', $email_data['privacy_policy_url'], $content );
|
$content = str_replace( '###PRIVACY_POLICY_URL###', $email_data['privacy_policy_url'], $content );
|
||||||
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
|
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
|
||||||
|
|
||||||
@ -3360,8 +3354,8 @@ function wp_send_user_request( $request_id ) {
|
|||||||
'request_id' => $request_id,
|
'request_id' => $request_id,
|
||||||
'confirm_key' => wp_generate_user_request_key( $request_id ),
|
'confirm_key' => wp_generate_user_request_key( $request_id ),
|
||||||
), wp_login_url() ),
|
), wp_login_url() ),
|
||||||
'sitename' => is_multisite() ? get_site_option( 'site_name' ) : get_option( 'blogname' ),
|
'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ),
|
||||||
'siteurl' => network_home_url(),
|
'siteurl' => home_url(),
|
||||||
);
|
);
|
||||||
|
|
||||||
/* translators: Do not translate DESCRIPTION, CONFIRM_URL, SITENAME, SITEURL: those are placeholders. */
|
/* translators: Do not translate DESCRIPTION, CONFIRM_URL, SITENAME, SITEURL: those are placeholders. */
|
||||||
@ -3412,13 +3406,11 @@ All at ###SITENAME###
|
|||||||
$content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
|
$content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
|
||||||
$content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content );
|
$content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content );
|
||||||
$content = str_replace( '###EMAIL###', $email_data['email'], $content );
|
$content = str_replace( '###EMAIL###', $email_data['email'], $content );
|
||||||
$content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content );
|
$content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
|
||||||
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
|
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
|
||||||
|
|
||||||
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
|
||||||
|
|
||||||
/* translators: Privacy data request subject. 1: Site name, 2: Name of the action */
|
/* translators: Privacy data request subject. 1: Site name, 2: Name of the action */
|
||||||
$subject = sprintf( __( '[%1$s] Confirm Action: %2$s' ), $blogname, $email_data['description'] );
|
$subject = sprintf( __( '[%1$s] Confirm Action: %2$s' ), $email_data['sitename'], $email_data['description'] );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters the subject of the email sent when an account action is attempted.
|
* Filters the subject of the email sent when an account action is attempted.
|
||||||
@ -3426,7 +3418,7 @@ All at ###SITENAME###
|
|||||||
* @since 4.9.6
|
* @since 4.9.6
|
||||||
*
|
*
|
||||||
* @param string $subject The email subject.
|
* @param string $subject The email subject.
|
||||||
* @param string $blogname The name of the site.
|
* @param string $sitename The name of the site.
|
||||||
* @param array $email_data {
|
* @param array $email_data {
|
||||||
* Data relating to the account action email.
|
* Data relating to the account action email.
|
||||||
*
|
*
|
||||||
@ -3438,7 +3430,7 @@ All at ###SITENAME###
|
|||||||
* @type string $siteurl The site URL sending the mail.
|
* @type string $siteurl The site URL sending the mail.
|
||||||
* }
|
* }
|
||||||
*/
|
*/
|
||||||
$subject = apply_filters( 'user_request_action_email_subject', $subject, $blogname, $email_data );
|
$subject = apply_filters( 'user_request_action_email_subject', $subject, $email_data['sitename'], $email_data );
|
||||||
|
|
||||||
return wp_mail( $email_data['email'], $subject, $content );
|
return wp_mail( $email_data['email'], $subject, $content );
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user