Skip to content
Permalink
Browse files

Admin email verification:

- Add the `admin_email_lifespan` option when installing. Fixes a bug where the verification screen is shown right after installation.
- Reset the same option when upgrading and the user doing the DB upgrade is not an admin. This will ensure the email verification is shown next time an admin logs in.
- Use `site_url()` instead of `network_site_url()` for the form action. The latter seems needed only for password reset.

See #46349.

git-svn-id: https://develop.svn.wordpress.org/trunk@45788 602fd350-edb4-49c9-b593-d223f7449a82
  • Loading branch information...
azaozz committed Aug 13, 2019
1 parent feb0830 commit 6dad32d2aed47e6c0cf2aee8410645f6d7aba6bd
Showing with 13 additions and 6 deletions.
  1. +3 −0 src/wp-admin/includes/schema.php
  2. +8 −4 src/wp-admin/includes/upgrade.php
  3. +2 −2 src/wp-login.php
@@ -542,6 +542,9 @@ function populate_options( array $options = array() ) {
// 4.9.8
'show_comments_cookies_opt_in' => 1,
// 5.3.0
'admin_email_lifespan' => ( time() + 6 * MONTH_IN_SECONDS ),
);
// 3.3
@@ -2125,10 +2125,14 @@ function upgrade_510() {
* @since 5.3.0
*/
function upgrade_530() {
// Do `add_option()` rather than overwriting with `update_option()` as this may run
// after an admin was redirected to the email verification screen,
// and the option was updated.
add_option( 'admin_email_lifespan', 0 );
// The `admin_email_lifespan` option may have been set by an admin that just logged in,
// saw the verification screen, clicked on a button there, and is now upgrading the db,
// or by populate_options() that is called earlier in upgrade_all().
// In the second case `admin_email_lifespan` should be reset so the verification screen
// is shown next time an admin logs in.
if ( function_exists( 'current_user_can' ) && ! current_user_can( 'manage_options' ) ) {
update_option( 'admin_email_lifespan', 0 );
}
}
/**
@@ -594,7 +594,7 @@ function retrieve_password() {
*
* @param int Interval time (in seconds).
*/
$admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 180 * DAY_IN_SECONDS );
$admin_email_check_interval = (int) apply_filters( 'admin_email_check_interval', 6 * MONTH_IN_SECONDS );
if ( $admin_email_check_interval > 0 ) {
update_option( 'admin_email_lifespan', time() + $admin_email_check_interval );
@@ -617,7 +617,7 @@ function retrieve_password() {
?>

<form class="admin-email-confirm-form" name="admin-email-confirm-form" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=confirm_admin_email', 'login_post' ) ); ?>" method="post">
<form class="admin-email-confirm-form" name="admin-email-confirm-form" action="<?php echo esc_url( site_url( 'wp-login.php?action=confirm_admin_email', 'login_post' ) ); ?>" method="post">
<?php
/**
* Fires inside the admin-email-confirm-form form tags, before the hidden fields.

0 comments on commit 6dad32d

Please sign in to comment.
You can’t perform that action at this time.