Send emails when a user's email address or password is changed.

* In case of email change, email goes to the OLD address
* Prevents against issues where an account is compromised (say via cookie interception) and then the attacker silently takes over ownership via pw/email changes — now there will at least be a record that something is up

fixes #32430
props RMarks, MikeHansenMe, tharsheblows, obenland
Built from https://develop.svn.wordpress.org/trunk@32820


git-svn-id: http://core.svn.wordpress.org/trunk@32791 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Mark Jaquith 2015-06-17 19:31:27 +00:00
parent f62bf61b2c
commit 814865ea9e
2 changed files with 148 additions and 6 deletions

View File

@ -2140,17 +2140,159 @@ function wp_update_user($userdata) {
// Escape data pulled from DB.
$user = add_magic_quotes( $user );
// If password is changing, hash it now.
if ( ! empty($userdata['user_pass']) ) {
// If password is changing, hash it now
$plaintext_pass = $userdata['user_pass'];
$userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
$userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] );
/**
* Filter to stop the sending of the password change email.
*
* @since 4.3
* @see wp_insert_user() For $user and $userdata fields.
*
* @param bool Return false to not send the email.
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$send_pass_change_email = apply_filters( 'send_pass_change_email', true, $user, $userdata );
}
wp_cache_delete($user[ 'user_email' ], 'useremail');
if ( $user['user_email'] !== $userdata['user_email'] ) {
/**
* Filter to stop the sending of the email change email.
*
* @since 4.3
* @see wp_insert_user() For $user and $userdata fields.
*
* @param bool Return false to not send the email.
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$send_email_change_email = apply_filters( 'send_email_change_email', true, $user, $userdata );
}
wp_cache_delete( $user['user_email'], 'useremail' );
// Merge old and new fields with new fields overwriting old ones.
$userdata = array_merge($user, $userdata);
$user_id = wp_insert_user($userdata);
$userdata = array_merge( $user, $userdata );
$user_id = wp_insert_user( $userdata );
if ( ! is_wp_error( $user_id ) ) {
$blog_name = wp_specialchars_decode( get_option( 'blogname' ) );
if ( ! empty( $send_pass_change_email ) ) {
/* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$pass_change_text = __( 'Hi ###USERNAME###,
This notice confirms that your password was changed on ###SITENAME###.
If you did not change your password, please contact the Site Administrator at
###ADMIN_EMAIL###
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###' );
$pass_change_email = array(
'to' => $user['user_email'],
'subject' => __( '[%s] Notice of Password Change' ),
'message' => $pass_change_text,
'headers' => '',
);
/**
* Filter the email sent when the user's password is changed.
*
* @since 4.3
*
* @param array $pass_change_email {
* Used to build wp_mail(). https://developer.wordpress.org/reference/functions/wp_mail/
* @type string $to The intended recipients. Add emails in a comma separated string.
* @type string $subject The subject of the email.
* @type string $message The content of the email.
* The following strings have a special meaning and will get replaced dynamically:
* ###USERNAME### The current user's username.
* ###ADMIN_EMAIL### The admin email in case this was unexpected.
* ###EMAIL### The old email.
* ###SITENAME### The name of the site.
* ###SITEURL### The URL to the site.
* @type string $headers Headers. Add headers in a newline (\r\n) separated string.
* }
* @param array $user The original user array.
* @param array $userdata The updated user array.
*
*/
$pass_change_email = apply_filters( 'password_change_email', $pass_change_email, $user, $userdata );
$pass_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $pass_change_email['message'] );
$pass_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $pass_change_email['message'] );
$pass_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $pass_change_email['message'] );
$pass_change_email['message'] = str_replace( '###SITENAME###', get_option( 'blogname' ), $pass_change_email['message'] );
$pass_change_email['message'] = str_replace( '###SITEURL###', get_option( 'siteurl' ), $pass_change_email['message'] );
wp_mail( $pass_change_email['to'], sprintf( $pass_change_email['subject'], $blog_name ), $pass_change_email['message'], $pass_change_email['headers'] );
}
if ( ! empty( $send_email_change_email ) ) {
/* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_change_text = __( 'Hi ###USERNAME###,
This notice confirms that your email was changed on ###SITENAME###.
If you did not change your email, please contact the Site Administrator at
###ADMIN_EMAIL###
This email has been sent to ###EMAIL###
Regards,
All at ###SITENAME###
###SITEURL###' );
$email_change_email = array(
'to' => $user['user_email'],
'subject' => __( '[%s] Notice of Email Change' ),
'message' => $email_change_text,
'headers' => '',
);
/**
* Filter the email sent when the user's password is changed.
*
* @since 4.3
*
* @param array $email_change_email {
* Used to build wp_mail(). https://developer.wordpress.org/reference/functions/wp_mail/
* @type string $to The intended recipients.
* @type string $subject The subject of the email.
* @type string $message The content of the email.
* The following strings have a special meaning and will get replaced dynamically:
* ###USERNAME### The current user's username.
* ###ADMIN_EMAIL### The admin email in case this was unexpected.
* ###EMAIL### The old email.
* ###SITENAME### The name of the site.
* ###SITEURL### The URL to the site.
* @type string $headers Headers.
* }
* @param array $user The original user array.
* @param array $userdata The updated user array.
*/
$email_change_email = apply_filters( 'email_change_email', $email_change_email, $user, $userdata );
$email_change_email['message'] = str_replace( '###USERNAME###', $user['user_login'], $email_change_email['message'] );
$email_change_email['message'] = str_replace( '###ADMIN_EMAIL###', get_option( 'admin_email' ), $email_change_email['message'] );
$email_change_email['message'] = str_replace( '###EMAIL###', $user['user_email'], $email_change_email['message'] );
$email_change_email['message'] = str_replace( '###SITENAME###', get_option( 'blogname' ), $email_change_email['message'] );
$email_change_email['message'] = str_replace( '###SITEURL###', get_option( 'siteurl' ), $email_change_email['message'] );
wp_mail( $email_change_email['to'], sprintf( $email_change_email['subject'], $blog_name ), $email_change_email['message'], $email_change_email['headers'] );
}
}
// Update the cookies if the password changed.
$current_user = wp_get_current_user();

View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.3-alpha-32819';
$wp_version = '4.3-alpha-32820';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.