Admin email verification:

- Add the `admin_email_lifespan` option when installing. Fixes a bug where the verification screen is shown right after installation. - Reset the same option when upgrading and the user doing the DB upgrade is not an admin. This will ensure the email verification is shown next time an admin logs in. - Use `site_url()` instead of `network_site_url()` for the form action. The latter seems needed only for password reset. See #46349. Built from https://develop.svn.wordpress.org/trunk@45788 git-svn-id: http://core.svn.wordpress.org/trunk@45599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-08-13 17:40:55 +00:00 · 2019-08-13 17:40:55 +00:00 · 197b4a829b
parent dc2e7e716f
commit 197b4a829b
4 changed files with 14 additions and 7 deletions
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@ -542,6 +542,9 @@ function populate_options( array $options = array() ) {

 		// 4.9.8
 		'show_comments_cookies_opt_in'    => 1,
+
+		// 5.3.0
+		'admin_email_lifespan'            => ( time() + 6 * MONTH_IN_SECONDS ),
 	);

 	// 3.3
--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@ -2125,10 +2125,14 @@ function upgrade_510() {
 * @since 5.3.0
 */
 function upgrade_530() {
-	// Do `add_option()` rather than overwriting with `update_option()` as this may run
-	// after an admin was redirected to the email verification screen,
-	// and the option was updated.
-	add_option( 'admin_email_lifespan', 0 );
+	// The `admin_email_lifespan` option may have been set by an admin that just logged in,
+	// saw the verification screen, clicked on a button there, and is now upgrading the db,
+	// or by populate_options() that is called earlier in upgrade_all(). 
+	// In the second case `admin_email_lifespan` should be reset so the verification screen
+	// is shown next time an admin logs in.
+	if ( function_exists( 'current_user_can' ) && ! current_user_can( 'manage_options' ) ) {
+		update_option( 'admin_email_lifespan', 0 );
+	}
 }

 /**
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.3-alpha-45787';
+$wp_version = '5.3-alpha-45788';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
--- a/wp-login.php
+++ b/wp-login.php
@ -594,7 +594,7 @@ switch ( $action ) {
 			 *
 			 * @param int Interval time (in seconds).
 			 */
-			$admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 180 * DAY_IN_SECONDS );
+			$admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS );

 			if ( $admin_email_check_interval > 0 ) {
 				update_option( 'admin_email_lifespan', time() + $admin_email_check_interval );
@ -617,7 +617,7 @@ switch ( $action ) {

 		?>

-		<form class="admin-email-confirm-form" name="admin-email-confirm-form" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=confirm_admin_email', 'login_post' ) ); ?>" method="post">
+		<form class="admin-email-confirm-form" name="admin-email-confirm-form" action="<?php echo esc_url( site_url( 'wp-login.php?action=confirm_admin_email', 'login_post' ) ); ?>" method="post">
 			<?php
 			/**
 			* Fires inside the admin-email-confirm-form form tags, before the hidden fields.