mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 09:37:42 +01:00
Options, Meta APIs: Send a notification to the old admin email address when the site admin email or network admin email address is changed.
This reduces the chances of a site compromise going unnoticed, in the same way that the same notifications for user account email address changes reduces the chances of a user account compromise going unnoticed. Props MatheusGimenez, johnbillion Fixes #39117 Built from https://develop.svn.wordpress.org/trunk@41164 git-svn-id: http://core.svn.wordpress.org/trunk@41004 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
62fe4be994
commit
b9b4776800
@ -54,6 +54,7 @@ add_action( 'admin_print_scripts-post-new.php', 'wp_page_reload_on_back_button_j
|
||||
add_action( 'update_option_home', 'update_home_siteurl', 10, 2 );
|
||||
add_action( 'update_option_siteurl', 'update_home_siteurl', 10, 2 );
|
||||
add_action( 'update_option_page_on_front', 'update_home_siteurl', 10, 2 );
|
||||
add_action( 'update_option_admin_email', 'wp_site_admin_email_change_notification', 10, 3 );
|
||||
|
||||
add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 );
|
||||
add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
|
||||
|
@ -22,6 +22,9 @@ add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10
|
||||
// Site Hooks.
|
||||
add_action( 'wpmueditblogaction', 'upload_space_setting' );
|
||||
|
||||
// Network hooks
|
||||
add_action( 'update_site_option_admin_email', 'wp_network_admin_email_change_notification', 10, 4 );
|
||||
|
||||
// Taxonomy Hooks
|
||||
add_filter( 'get_term', 'sync_category_tag_slugs', 10, 2 );
|
||||
|
||||
|
@ -5649,3 +5649,85 @@ function wp_cache_get_last_changed( $group ) {
|
||||
|
||||
return $last_changed;
|
||||
}
|
||||
|
||||
/**
|
||||
* Send an email to the old site admin email address when the site admin email address changes.
|
||||
*
|
||||
* @since 4.9.0
|
||||
*
|
||||
* @param string $old_email The old site admin email address.
|
||||
* @param string $new_email The new site admin email address.
|
||||
* @param string $option_name The relevant database option name.
|
||||
*/
|
||||
function wp_site_admin_email_change_notification( $old_email, $new_email, $option_name ) {
|
||||
/**
|
||||
* Filters whether to send the site admin email change notification email.
|
||||
*
|
||||
* @since 4.9.0
|
||||
*
|
||||
* @param bool $send Whether to send the email notification.
|
||||
* @param string $old_email The old site admin email address.
|
||||
* @param string $new_email The new site admin email address.
|
||||
*/
|
||||
$send = apply_filters( 'send_site_admin_email_change_email', true, $old_email, $new_email );
|
||||
|
||||
if ( ! $send ) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* translators: Do not translate OLD_EMAIL, NEW_EMAIL, SITENAME, SITEURL: those are placeholders. */
|
||||
$email_change_text = __( 'Hi,
|
||||
|
||||
This notice confirms that the admin email address was changed on ###SITENAME###.
|
||||
|
||||
The new admin email address is ###NEW_EMAIL###.
|
||||
|
||||
This email has been sent to ###OLD_EMAIL###
|
||||
|
||||
Regards,
|
||||
All at ###SITENAME###
|
||||
###SITEURL###' );
|
||||
|
||||
$email_change_email = array(
|
||||
'to' => $old_email,
|
||||
/* translators: Site admin email change notification email subject. %s: Site title */
|
||||
'subject' => __( '[%s] Notice of Admin Email Change' ),
|
||||
'message' => $email_change_text,
|
||||
'headers' => '',
|
||||
);
|
||||
// get site name
|
||||
$site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
|
||||
|
||||
/**
|
||||
* Filters the contents of the email notification sent when the site admin email address is changed.
|
||||
*
|
||||
* @since 4.9.0
|
||||
*
|
||||
* @param array $email_change_email {
|
||||
* Used to build wp_mail().
|
||||
*
|
||||
* @type string $to The intended recipient.
|
||||
* @type string $subject The subject of the email.
|
||||
* @type string $message The content of the email.
|
||||
* The following strings have a special meaning and will get replaced dynamically:
|
||||
* - ###OLD_EMAIL### The old site admin email address.
|
||||
* - ###NEW_EMAIL### The new site admin email address.
|
||||
* - ###SITENAME### The name of the site.
|
||||
* - ###SITEURL### The URL to the site.
|
||||
* @type string $headers Headers.
|
||||
* }
|
||||
* @param string $old_email The old site admin email address.
|
||||
* @param string $new_email The new site admin email address.
|
||||
*/
|
||||
$email_change_email = apply_filters( 'site_admin_email_change_email', $email_change_email, $old_email, $new_email );
|
||||
|
||||
$email_change_email['message'] = str_replace( '###OLD_EMAIL###', $old_email, $email_change_email['message'] );
|
||||
$email_change_email['message'] = str_replace( '###NEW_EMAIL###', $new_email, $email_change_email['message'] );
|
||||
$email_change_email['message'] = str_replace( '###SITENAME###', $site_name, $email_change_email['message'] );
|
||||
$email_change_email['message'] = str_replace( '###SITEURL###', home_url(), $email_change_email['message'] );
|
||||
|
||||
wp_mail( $email_change_email['to'], sprintf(
|
||||
$email_change_email['subject'],
|
||||
$blog_name
|
||||
), $email_change_email['message'], $email_change_email['headers'] );
|
||||
}
|
||||
|
@ -2557,3 +2557,88 @@ function get_subdirectory_reserved_names() {
|
||||
*/
|
||||
return apply_filters( 'subdirectory_reserved_names', $names );
|
||||
}
|
||||
|
||||
/**
|
||||
* Send an email to the old network admin email address when the network admin email address changes.
|
||||
*
|
||||
* @since 4.9.0
|
||||
*
|
||||
* @param string $option_name The relevant database option name.
|
||||
* @param string $new_email The new network admin email address.
|
||||
* @param string $old_email The old network admin email address.
|
||||
* @param int $network_id ID of the network.
|
||||
*/
|
||||
function wp_network_admin_email_change_notification( $option_name, $new_email, $old_email, $network_id ) {
|
||||
/**
|
||||
* Filters whether to send the network admin email change notification email.
|
||||
*
|
||||
* @since 4.9.0
|
||||
*
|
||||
* @param bool $send Whether to send the email notification.
|
||||
* @param string $old_email The old network admin email address.
|
||||
* @param string $new_email The new network admin email address.
|
||||
* @param int $network_id ID of the network.
|
||||
*/
|
||||
$send = apply_filters( 'send_network_admin_email_change_email', true, $old_email, $new_email, $network_id );
|
||||
|
||||
if ( ! $send ) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* translators: Do not translate OLD_EMAIL, NEW_EMAIL, SITENAME, SITEURL: those are placeholders. */
|
||||
$email_change_text = __( 'Hi,
|
||||
|
||||
This notice confirms that the network admin email address was changed on ###SITENAME###.
|
||||
|
||||
The new network admin email address is ###NEW_EMAIL###.
|
||||
|
||||
This email has been sent to ###OLD_EMAIL###
|
||||
|
||||
Regards,
|
||||
All at ###SITENAME###
|
||||
###SITEURL###' );
|
||||
|
||||
$email_change_email = array(
|
||||
'to' => $old_email,
|
||||
/* translators: Network admin email change notification email subject. %s: Network title */
|
||||
'subject' => __( '[%s] Notice of Network Admin Email Change' ),
|
||||
'message' => $email_change_text,
|
||||
'headers' => '',
|
||||
);
|
||||
// get network name
|
||||
$network_name = wp_specialchars_decode( get_site_option( 'site_name' ), ENT_QUOTES );
|
||||
|
||||
/**
|
||||
* Filters the contents of the email notification sent when the network admin email address is changed.
|
||||
*
|
||||
* @since 4.9.0
|
||||
*
|
||||
* @param array $email_change_email {
|
||||
* Used to build wp_mail().
|
||||
*
|
||||
* @type string $to The intended recipient.
|
||||
* @type string $subject The subject of the email.
|
||||
* @type string $message The content of the email.
|
||||
* The following strings have a special meaning and will get replaced dynamically:
|
||||
* - ###OLD_EMAIL### The old network admin email address.
|
||||
* - ###NEW_EMAIL### The new network admin email address.
|
||||
* - ###SITENAME### The name of the network.
|
||||
* - ###SITEURL### The URL to the site.
|
||||
* @type string $headers Headers.
|
||||
* }
|
||||
* @param string $old_email The old network admin email address.
|
||||
* @param string $new_email The new network admin email address.
|
||||
* @param int $network_id ID of the network.
|
||||
*/
|
||||
$email_change_email = apply_filters( 'network_admin_email_change_email', $email_change_email, $old_email, $new_email, $network_id );
|
||||
|
||||
$email_change_email['message'] = str_replace( '###OLD_EMAIL###', $old_email, $email_change_email['message'] );
|
||||
$email_change_email['message'] = str_replace( '###NEW_EMAIL###', $new_email, $email_change_email['message'] );
|
||||
$email_change_email['message'] = str_replace( '###SITENAME###', $network_name, $email_change_email['message'] );
|
||||
$email_change_email['message'] = str_replace( '###SITEURL###', home_url(), $email_change_email['message'] );
|
||||
|
||||
wp_mail( $email_change_email['to'], sprintf(
|
||||
$email_change_email['subject'],
|
||||
$network_name
|
||||
), $email_change_email['message'], $email_change_email['headers'] );
|
||||
}
|
||||
|
@ -4,7 +4,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.9-alpha-41163';
|
||||
$wp_version = '4.9-alpha-41164';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
Loading…
Reference in New Issue
Block a user