From 8c5cdf2b39fa1e9b42df6f242208e18b5c1f28ba Mon Sep 17 00:00:00 2001 From: Peter Wilson Date: Thu, 13 Dec 2018 00:45:21 +0000 Subject: [PATCH] Multisite: Improve messaging for previously activated users. Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time. Merges [44021] to the 4.6 branch. Built from https://develop.svn.wordpress.org/branches/4.6@44028 git-svn-id: http://core.svn.wordpress.org/branches/4.6@43858 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-activate.php | 112 +++++++++++++++++++++---------- wp-includes/general-template.php | 18 +++++ wp-login.php | 2 +- 3 files changed, 95 insertions(+), 37 deletions(-) diff --git a/wp-activate.php b/wp-activate.php index 0f6181a5d1..770e7a1ecf 100644 --- a/wp-activate.php +++ b/wp-activate.php @@ -18,6 +18,48 @@ if ( !is_multisite() ) { die(); } +$valid_error_codes = array( 'already_active', 'blog_taken' ); + +list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) ); +$activate_cookie = 'wp-activate-' . COOKIEHASH; + +$key = ''; +$result = null; + +if ( ! empty( $_GET['key'] ) ) { + $key = $_GET['key']; +} elseif ( ! empty( $_POST['key'] ) ) { + $key = $_POST['key']; +} + +if ( $key ) { + $redirect_url = remove_query_arg( 'key' ); + + if ( $redirect_url !== remove_query_arg( false ) ) { + setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true ); + wp_safe_redirect( $redirect_url ); + exit; + } else { + $result = wpmu_activate_signup( $key ); + } +} + +if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) { + $key = $_COOKIE[ $activate_cookie ]; + $result = wpmu_activate_signup( $key ); + setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true ); +} + +if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) { + status_header( 404 ); +} elseif ( is_wp_error( $result ) ) { + $error_code = $result->get_error_code(); + + if ( ! in_array( $error_code, $valid_error_codes ) ) { + status_header( 400 ); + } +} + if ( is_object( $wp_object_cache ) ) $wp_object_cache->cache_enabled = false; @@ -67,13 +109,14 @@ function wpmu_activate_stylesheet() {
- +

@@ -87,43 +130,40 @@ get_header( 'wp-activate' );
get_error_code() || 'blog_taken' == $result->get_error_code() ) { - $signup = $result->get_error_data(); - ?> -

- '; - if ( $signup->domain . $signup->path == '' ) { - printf( - /* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */ - __( 'Your account has been activated. You may now log in to the site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), - network_site_url( 'wp-login.php', 'login' ), - $signup->user_login, - $signup->user_email, - wp_lostpassword_url() - ); - } else { - printf( - /* translators: 1: site URL, 2: site domain, 3: username, 4: user email, 5: lost password URL */ - __( 'Your site at %2$s is active. You may now log in to your site using your chosen username of “%3$s”. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), - 'http://' . $signup->domain, - $signup->domain, - $signup->user_login, - $signup->user_email, - wp_lostpassword_url() - ); - } - echo '

'; + if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) { + $signup = $result->get_error_data(); + ?> +

+ '; + if ( $signup->domain . $signup->path == '' ) { + printf( + /* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */ + __( 'Your account has been activated. You may now log in to the site using your chosen username of “%2$s”. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), + network_site_url( 'wp-login.php', 'login' ), + $signup->user_login, + $signup->user_email, + wp_lostpassword_url() + ); } else { - ?> -

-

get_error_message(); ?>

- %2$s is active. You may now log in to your site using your chosen username of “%3$s”. Please check your email inbox at %4$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can reset your password.' ), + 'http://' . $signup->domain, + $signup->domain, + $signup->user_login, + $signup->user_email, + wp_lostpassword_url() + ); } + echo '

'; + } elseif ( $result === null || is_wp_error( $result ) ) { + ?> +

+ +

get_error_message(); ?>

+ + \n"; } +/** + * Display a noindex,noarchive meta tag and referrer origin-when-cross-origin meta tag. + * + * Outputs a noindex,noarchive meta tag that tells web robots not to index or cache the page content. + * Outputs a referrer origin-when-cross-origin meta tag that tells the browser not to send the full + * url as a referrer to other sites when cross-origin assets are loaded. + * + * Typical usage is as a wp_head callback. add_action( 'wp_head', 'wp_sensitive_page_meta' ); + * + * @since 5.0.0 + */ +function wp_sensitive_page_meta() { + ?> + + +