From c3ca81ba94d788e39823fb803a4980015fb24854 Mon Sep 17 00:00:00 2001 From: Andrew Nacin Date: Fri, 28 Mar 2014 02:44:15 +0000 Subject: [PATCH] Always decode special characters for email subjects. props tlovett1, jeremyfelt. fixes #25346. Built from https://develop.svn.wordpress.org/trunk@27801 git-svn-id: http://core.svn.wordpress.org/trunk@27636 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/class-wp-upgrader.php | 4 ++-- wp-admin/includes/ms.php | 4 ++-- wp-admin/ms-delete-site.php | 2 +- wp-admin/user-new.php | 2 +- wp-includes/ms-functions.php | 8 ++++---- wp-includes/pluggable.php | 4 ++-- wp-login.php | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/wp-admin/includes/class-wp-upgrader.php b/wp-admin/includes/class-wp-upgrader.php index 5d97a438a3..6db77af5e1 100644 --- a/wp-admin/includes/class-wp-upgrader.php +++ b/wp-admin/includes/class-wp-upgrader.php @@ -2420,7 +2420,7 @@ class WP_Automatic_Updater { */ $email = apply_filters( 'auto_core_update_email', $email, $type, $core_update, $result ); - wp_mail( $email['to'], $email['subject'], $email['body'], $email['headers'] ); + wp_mail( $email['to'], wp_specialchars_decode( $email['subject'] ), $email['body'], $email['headers'] ); } /** @@ -2570,6 +2570,6 @@ Thanks! -- The WordPress Team" ); */ $email = apply_filters( 'automatic_updates_debug_email', $email, $failures, $this->update_results ); - wp_mail( $email['to'], $email['subject'], $email['body'], $email['headers'] ); + wp_mail( $email['to'], wp_specialchars_decode( $email['subject'] ), $email['body'], $email['headers'] ); } } diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php index 59c28b382b..3a4d1907bc 100644 --- a/wp-admin/includes/ms.php +++ b/wp-admin/includes/ms.php 
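Review bot: `wp_specialchars_decode()` is called here with a single argument, so it runs with its default `ENT_NOQUOTES` quote style and leaves `&quot;` and `&#039;` encoded. A subject that carries an encoded quote (for example from a stored site title) would still show the entity in the Subject header. Passing the flag closes that gap: `wp_mail( $email['to'], wp_specialchars_decode( $email['subject'], ENT_QUOTES ), $email['body'], $email['headers'] );`. The same one-argument form is used in the second hunk of this file and in every other file this commit touches.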
@@ -259,7 +259,7 @@ All at ###SITENAME### $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content ); $content = str_replace( '###SITEURL###', network_home_url(), $content ); - wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), get_option( 'blogname' ) ), $content ); + wp_mail( $value, sprintf( __( '[%s] New Admin Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content ); } add_action( 'update_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); add_action( 'add_option_new_admin_email', 'update_option_new_admin_email', 10, 2 ); @@ -328,7 +328,7 @@ All at ###SITENAME### $content = str_replace( '###SITENAME###', get_site_option( 'site_name' ), $content ); $content = str_replace( '###SITEURL###', network_home_url(), $content ); - wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), get_option( 'blogname' ) ), $content ); + wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), $content ); $_POST['email'] = $current_user->user_email; } } diff --git a/wp-admin/ms-delete-site.php b/wp-admin/ms-delete-site.php index c94089def8..00143089e2 100644 --- a/wp-admin/ms-delete-site.php +++ b/wp-admin/ms-delete-site.php @@ -68,7 +68,7 @@ Webmaster $content = str_replace( '###URL_DELETE###', $url_delete, $content ); $content = str_replace( '###SITE_NAME###', $current_site->site_name, $content ); - wp_mail( get_option( 'admin_email' ), "[ " . get_option( 'blogname' ) . " ] ".__( 'Delete My Site' ), $content ); + wp_mail( get_option( 'admin_email' ), "[ " . wp_specialchars_decode( get_option( 'blogname' ) ) . " ] ".__( 'Delete My Site' ), $content ); ?>
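Review bot: The recipient on the changed line in the `@@ -328` hunk is still `$_POST['email']`, read directly from the request, and nothing visible in this hunk shows it being validated before it reaches `wp_mail()`. The enclosing function starts outside the hunk, so this may already be gated; if it is not, an `is_email( $_POST['email'] )` check belongs before the send so that arbitrary request data cannot be used as a mail recipient. A short comment at the call, such as `// $_POST['email'] has passed is_email() above.`, would make that dependency visible to the next reader.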

diff --git a/wp-admin/user-new.php b/wp-admin/user-new.php index 2b8583ce45..1883625e11 100644 --- a/wp-admin/user-new.php +++ b/wp-admin/user-new.php @@ -85,7 +85,7 @@ You\'ve been invited to join \'%1$s\' at Please click the following link to confirm the invite: %4$s' ); - wp_mail( $new_user_email, sprintf( __( '[%s] Joining confirmation' ), get_option( 'blogname' ) ), sprintf( $message, get_option( 'blogname' ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ), home_url( "/newbloguser/$newuser_key/" ) ) ); + wp_mail( $new_user_email, sprintf( __( '[%s] Joining confirmation' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), sprintf( $message, get_option( 'blogname' ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ), home_url( "/newbloguser/$newuser_key/" ) ) ); $redirect = add_query_arg( array('update' => 'add'), 'user-new.php' ); } } diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php index 8784623d05..b5e75c2afe 100644 --- a/wp-includes/ms-functions.php +++ b/wp-includes/ms-functions.php @@ -880,7 +880,7 @@ function wpmu_signup_blog_notification( $domain, $path, $title, $user, $user_ema $from_name, esc_url( 'http://' . $domain . $path ) ); - wp_mail($user_email, $subject, $message, $message_headers); + wp_mail( $user_email, wp_specialchars_decode( $subject ), $message, $message_headers ); return true; } @@ -965,7 +965,7 @@ function wpmu_signup_user_notification( $user, $user_email, $key, $meta = array( $from_name, $user ); - wp_mail($user_email, $subject, $message, $message_headers); + wp_mail( $user_email, wp_specialchars_decode( $subject ), $message, $message_headers ); return true; } 
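Review bot: Only the subject receives the decoded site name in the user-new.php hunk; the message body built on the same line still passes the raw `get_option( 'blogname' )` as `%1$s`. A title stored with entities would therefore read `&amp;` in the body of what appears to be a plain-text mail. For consistency the second `sprintf()` could begin `sprintf( $message, wp_specialchars_decode( get_option( 'blogname' ) ), home_url(), ...`. Fetching and decoding the name once into a local variable before the call would also shorten this long line.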
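Review bot: The result of `wp_mail()` is discarded in the `@@ -880` hunk and the next line is `return true;`, so wpmu_signup_blog_notification() reports success even when the activation mail was not handed to the mailer. The wp-login.php hunk in this commit does check the return value. If callers can tolerate the change, `return wp_mail( $user_email, wp_specialchars_decode( $subject ), $message, $message_headers );` would surface the failure; otherwise a comment stating that the result is deliberately ignored would help. The same pattern appears in the `@@ -965`, `@@ -1521` and `@@ -1599` hunks of ms-functions.php, and each function body starts outside its hunk.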
@@ -1521,7 +1521,7 @@ We hope you enjoy your new site. Thanks! * @param string $subject Subject of the email. */ $subject = apply_filters( 'update_welcome_subject', sprintf( __( 'New %1$s Site: %2$s' ), $current_site->site_name, wp_unslash( $title ) ) ); - wp_mail($user->user_email, $subject, $message, $message_headers); + wp_mail( $user->user_email, wp_specialchars_decode( $subject ), $message, $message_headers ); return true; } @@ -1599,7 +1599,7 @@ function wpmu_welcome_user_notification( $user_id, $password, $meta = array() ) * @param string $subject Subject of the email. */ $subject = apply_filters( 'update_welcome_user_subject', sprintf( __( 'New %1$s User: %2$s' ), $current_site->site_name, $user->user_login) ); - wp_mail($user->user_email, $subject, $message, $message_headers); + wp_mail( $user->user_email, wp_specialchars_decode( $subject ), $message, $message_headers ); return true; } diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 1de744192c..2f7de1149c 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -1168,7 +1168,7 @@ function wp_notify_postauthor( $comment_id, $deprecated = null ) { $message_headers = apply_filters( 'comment_notification_headers', $message_headers, $comment_id ); foreach ( $emails as $email ) { - @wp_mail( $email, $subject, $notify_message, $message_headers ); + @wp_mail( $email, wp_specialchars_decode( $subject ), $notify_message, $message_headers ); } return true; @@ -1255,7 +1255,7 @@ function wp_notify_moderator($comment_id) { $message_headers = apply_filters( 'comment_moderation_headers', $message_headers, $comment_id ); foreach ( $emails as $email ) { - @wp_mail( $email, $subject, $notify_message, $message_headers ); + @wp_mail( $email, wp_specialchars_decode( $subject ), $notify_message, $message_headers ); } return true; diff --git a/wp-login.php b/wp-login.php index 435b95abe1..2dce6b3cea 100644 --- a/wp-login.php +++ b/wp-login.php 
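Review bot: In the pluggable.php `@@ -1168` hunk, `wp_specialchars_decode( $subject )` is evaluated inside the `foreach`, once per recipient, although `$subject` does not change in the loop. Assigning `$subject = wp_specialchars_decode( $subject );` before the loop leaves the call line as it was. The `@` in front of `wp_mail()` also suppresses any warning from a failed send, so a delivery problem with comment notifications may go unrecorded. `$subject` is built outside the hunk; if it is already assembled from a decoded blog name, this is a second decode of plain text, which is worth confirming. The `@@ -1255` hunk (wp_notify_moderator) has the same loop.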
@@ -388,7 +388,7 @@ function retrieve_password() { */ $message = apply_filters( 'retrieve_password_message', $message, $key ); - if ( $message && !wp_mail($user_email, $title, $message) ) + if ( $message && !wp_mail( $user_email, wp_specialchars_decode( $title ), $message ) ) wp_die( __('The e-mail could not be sent.') . "
\n" . __('Possible reason: your host may have disabled the mail() function.') ); return true;