Privacy: Use consistent values for the site name and URL used in notification emails.

The functions `send_confirmation_on_profile_email()`, `_wp_privacy_send_request_confirmation_notification()`, `_wp_privacy_send_erasure_fulfillment_notification()`, and `wp_send_user_request()` all include a title and URL indicating the current site. However, so far they have dealt with those values inconsistently, sometimes using the site values, other times using the network values if in a multisite. This changeset ensures that only the current site is taken into account in all cases and that special characters in the site name are consistently decoded.

Props subrataemfluence, desrosj.
Merges [43388], [43390], and [43435] to the 4.9 branch.
Fixes #44396.
Built from https://develop.svn.wordpress.org/branches/4.9@43459


git-svn-id: http://core.svn.wordpress.org/branches/4.9@43286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2018-07-16 14:24:26 +00:00
parent d2342e75d0
commit cb2625e260
3 changed files with 28 additions and 36 deletions

View File

@ -2099,20 +2099,20 @@ All at ###SITENAME###
$email_address = $request->email; $email_address = $request->email;
$export_file_url = get_post_meta( $request_id, '_export_file_url', true ); $export_file_url = get_post_meta( $request_id, '_export_file_url', true );
$site_name = is_multisite() ? get_site_option( 'site_name' ) : get_option( 'blogname' ); $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
$site_url = network_home_url(); $site_url = home_url();
$content = str_replace( '###EXPIRATION###', $expiration_date, $content ); $content = str_replace( '###EXPIRATION###', $expiration_date, $content );
$content = str_replace( '###LINK###', esc_url_raw( $export_file_url ), $content ); $content = str_replace( '###LINK###', esc_url_raw( $export_file_url ), $content );
$content = str_replace( '###EMAIL###', $email_address, $content ); $content = str_replace( '###EMAIL###', $email_address, $content );
$content = str_replace( '###SITENAME###', wp_specialchars_decode( $site_name, ENT_QUOTES ), $content ); $content = str_replace( '###SITENAME###', $site_name, $content );
$content = str_replace( '###SITEURL###', esc_url_raw( $site_url ), $content ); $content = str_replace( '###SITEURL###', esc_url_raw( $site_url ), $content );
$mail_success = wp_mail( $mail_success = wp_mail(
$email_address, $email_address,
sprintf( sprintf(
__( '[%s] Personal Data Export' ), __( '[%s] Personal Data Export' ),
wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) $site_name
), ),
$content $content
); );

View File

@ -2657,11 +2657,7 @@ function send_confirmation_on_profile_email() {
); );
update_user_meta( $current_user->ID, '_new_email', $new_user_email ); update_user_meta( $current_user->ID, '_new_email', $new_user_email );
if ( is_multisite() ) { $sitename = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
$sitename = get_site_option( 'site_name' );
} else {
$sitename = get_option( 'blogname' );
}
/* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */ /* translators: Do not translate USERNAME, ADMIN_URL, EMAIL, SITENAME, SITEURL: those are placeholders. */
$email_text = __( 'Howdy ###USERNAME###, $email_text = __( 'Howdy ###USERNAME###,
@ -2706,10 +2702,10 @@ All at ###SITENAME###
$content = str_replace( '###USERNAME###', $current_user->user_login, $content ); $content = str_replace( '###USERNAME###', $current_user->user_login, $content );
$content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content ); $content = str_replace( '###ADMIN_URL###', esc_url( admin_url( 'profile.php?newuseremail=' . $hash ) ), $content );
$content = str_replace( '###EMAIL###', $_POST['email'], $content ); $content = str_replace( '###EMAIL###', $_POST['email'], $content );
$content = str_replace( '###SITENAME###', wp_specialchars_decode( $sitename, ENT_QUOTES ), $content ); $content = str_replace( '###SITENAME###', $sitename, $content );
$content = str_replace( '###SITEURL###', network_home_url(), $content ); $content = str_replace( '###SITEURL###', home_url(), $content );
wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ), $content ); wp_mail( $_POST['email'], sprintf( __( '[%s] New Email Address' ), $sitename ), $content );
$_POST['email'] = $current_user->user_email; $_POST['email'] = $current_user->user_email;
} }
@ -2919,7 +2915,7 @@ function _wp_privacy_send_request_confirmation_notification( $request_id ) {
'user_email' => $request_data->email, 'user_email' => $request_data->email,
'description' => $action_description, 'description' => $action_description,
'manage_url' => $manage_url, 'manage_url' => $manage_url,
'sitename' => get_option( 'blogname' ), 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ),
'siteurl' => home_url(), 'siteurl' => home_url(),
'admin_email' => $admin_email, 'admin_email' => $admin_email,
); );
@ -2971,18 +2967,16 @@ All at ###SITENAME###
*/ */
$content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data ); $content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data );
$content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content ); $content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
$content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content ); $content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content );
$content = str_replace( '###DESCRIPTION###', $email_data['description'], $content ); $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
$content = str_replace( '###MANAGE_URL###', esc_url_raw( $email_data['manage_url'] ), $content ); $content = str_replace( '###MANAGE_URL###', esc_url_raw( $email_data['manage_url'] ), $content );
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
$subject = sprintf( $subject = sprintf(
/* translators: 1: Site name. 2: Name of the confirmed action. */ /* translators: 1: Site name. 2: Name of the confirmed action. */
__( '[%1$s] Action Confirmed: %2$s' ), __( '[%1$s] Action Confirmed: %2$s' ),
$blogname, $email_data['sitename'],
$action_description $action_description
); );
@ -2992,7 +2986,7 @@ All at ###SITENAME###
* @since 4.9.8 * @since 4.9.8
* *
* @param string $subject The email subject. * @param string $subject The email subject.
* @param string $blogname The name of the site. * @param string $sitename The name of the site.
* @param array $email_data { * @param array $email_data {
* Data relating to the account action email. * Data relating to the account action email.
* *
@ -3005,7 +2999,7 @@ All at ###SITENAME###
* @type string $admin_email The administrator email receiving the mail. * @type string $admin_email The administrator email receiving the mail.
* } * }
*/ */
$subject = apply_filters( 'user_request_confirmed_email_subject', $subject, $blogname, $email_data ); $subject = apply_filters( 'user_request_confirmed_email_subject', $subject, $email_data['sitename'], $email_data );
$email_sent = wp_mail( $email_data['admin_email'], $subject, $content ); $email_sent = wp_mail( $email_data['admin_email'], $subject, $content );
@ -3036,12 +3030,6 @@ function _wp_privacy_send_erasure_fulfillment_notification( $request_id ) {
return; return;
} }
$subject = sprintf(
/* translators: %s Site name. */
__( '[%s] Erasure Request Fulfilled' ),
wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES )
);
/** /**
* Filters the recipient of the data erasure fulfillment notification. * Filters the recipient of the data erasure fulfillment notification.
* *
@ -3056,10 +3044,16 @@ function _wp_privacy_send_erasure_fulfillment_notification( $request_id ) {
'request' => $request_data, 'request' => $request_data,
'message_recipient' => $user_email, 'message_recipient' => $user_email,
'privacy_policy_url' => get_privacy_policy_url(), 'privacy_policy_url' => get_privacy_policy_url(),
'sitename' => get_option( 'blogname' ), 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ),
'siteurl' => home_url(), 'siteurl' => home_url(),
); );
$subject = sprintf(
/* translators: %s: Site name. */
__( '[%s] Erasure Request Fulfilled' ),
$email_data['sitename']
);
if ( empty( $email_data['privacy_policy_url'] ) ) { if ( empty( $email_data['privacy_policy_url'] ) ) {
/* translators: Do not translate SITENAME, SITEURL; those are placeholders. */ /* translators: Do not translate SITENAME, SITEURL; those are placeholders. */
$email_text = __( $email_text = __(
@ -3119,7 +3113,7 @@ All at ###SITENAME###
*/ */
$content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data ); $content = apply_filters( 'user_confirmed_action_email_content', $email_text, $email_data );
$content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content ); $content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
$content = str_replace( '###PRIVACY_POLICY_URL###', $email_data['privacy_policy_url'], $content ); $content = str_replace( '###PRIVACY_POLICY_URL###', $email_data['privacy_policy_url'], $content );
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
@ -3282,8 +3276,8 @@ function wp_send_user_request( $request_id ) {
'request_id' => $request_id, 'request_id' => $request_id,
'confirm_key' => wp_generate_user_request_key( $request_id ), 'confirm_key' => wp_generate_user_request_key( $request_id ),
), wp_login_url() ), ), wp_login_url() ),
'sitename' => is_multisite() ? get_site_option( 'site_name' ) : get_option( 'blogname' ), 'sitename' => wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ),
'siteurl' => network_home_url(), 'siteurl' => home_url(),
); );
/* translators: Do not translate DESCRIPTION, CONFIRM_URL, SITENAME, SITEURL: those are placeholders. */ /* translators: Do not translate DESCRIPTION, CONFIRM_URL, SITENAME, SITEURL: those are placeholders. */
@ -3334,13 +3328,11 @@ All at ###SITENAME###
$content = str_replace( '###DESCRIPTION###', $email_data['description'], $content ); $content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
$content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content ); $content = str_replace( '###CONFIRM_URL###', esc_url_raw( $email_data['confirm_url'] ), $content );
$content = str_replace( '###EMAIL###', $email_data['email'], $content ); $content = str_replace( '###EMAIL###', $email_data['email'], $content );
$content = str_replace( '###SITENAME###', wp_specialchars_decode( $email_data['sitename'], ENT_QUOTES ), $content ); $content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
$content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content ); $content = str_replace( '###SITEURL###', esc_url_raw( $email_data['siteurl'] ), $content );
$blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );
/* translators: Privacy data request subject. 1: Site name, 2: Name of the action */ /* translators: Privacy data request subject. 1: Site name, 2: Name of the action */
$subject = sprintf( __( '[%1$s] Confirm Action: %2$s' ), $blogname, $email_data['description'] ); $subject = sprintf( __( '[%1$s] Confirm Action: %2$s' ), $email_data['sitename'], $email_data['description'] );
/** /**
* Filters the subject of the email sent when an account action is attempted. * Filters the subject of the email sent when an account action is attempted.
@ -3348,7 +3340,7 @@ All at ###SITENAME###
* @since 4.9.6 * @since 4.9.6
* *
* @param string $subject The email subject. * @param string $subject The email subject.
* @param string $blogname The name of the site. * @param string $sitename The name of the site.
* @param array $email_data { * @param array $email_data {
* Data relating to the account action email. * Data relating to the account action email.
* *
@ -3360,7 +3352,7 @@ All at ###SITENAME###
* @type string $siteurl The site URL sending the mail. * @type string $siteurl The site URL sending the mail.
* } * }
*/ */
$subject = apply_filters( 'user_request_action_email_subject', $subject, $blogname, $email_data ); $subject = apply_filters( 'user_request_action_email_subject', $subject, $email_data['sitename'], $email_data );
return wp_mail( $email_data['email'], $subject, $content ); return wp_mail( $email_data['email'], $subject, $content );
} }

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.9.8-alpha-43458'; $wp_version = '4.9.8-alpha-43459';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.