Multisite: Improve messaging for previously activated users.

Ensure activation of a site is not attempted multiple times and users are shown the correct message if they follow the link a second time. git-svn-id: https://develop.svn.wordpress.org/trunk@44021 602fd350-edb4-49c9-b593-d223f7449a82
2026-04-03 04:04:35 +00:00 · 2018-12-13 00:22:03 +00:00
parent 82a8632367
commit b5bfe2bd82
3 changed files with 101 additions and 45 deletions
--- a/src/wp-activate.php
+++ b/src/wp-activate.php
@@ -18,6 +18,48 @@ if ( ! is_multisite() ) {
 	die();
 }

+$valid_error_codes = array( 'already_active', 'blog_taken' );
+
+list( $activate_path ) = explode( '?', wp_unslash( $_SERVER['REQUEST_URI'] ) );
+$activate_cookie       = 'wp-activate-' . COOKIEHASH;
+
+$key    = '';
+$result = null;
+
+if ( ! empty( $_GET['key'] ) ) {
+	$key = $_GET['key'];
+} elseif ( ! empty( $_POST['key'] ) ) {
+	$key = $_POST['key'];
+}
+
+if ( $key ) {
+	$redirect_url = remove_query_arg( 'key' );
+
+	if ( $redirect_url !== remove_query_arg( false ) ) {
+		setcookie( $activate_cookie, $key, 0, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+		wp_safe_redirect( $redirect_url );
+		exit;
+	} else {
+		$result = wpmu_activate_signup( $key );
+	}
+}
+
+if ( $result === null && isset( $_COOKIE[ $activate_cookie ] ) ) {
+	$key    = $_COOKIE[ $activate_cookie ];
+	$result = wpmu_activate_signup( $key );
+	setcookie( $activate_cookie, ' ', time() - YEAR_IN_SECONDS, $activate_path, COOKIE_DOMAIN, is_ssl(), true );
+}
+
+if ( $result === null || ( is_wp_error( $result ) && 'invalid_key' === $result->get_error_code() ) ) {
+	status_header( 404 );
+} elseif ( is_wp_error( $result ) ) {
+	$error_code = $result->get_error_code();
+
+	if ( ! in_array( $error_code, $valid_error_codes ) ) {
+		status_header( 400 );
+	}
+}
+
 nocache_headers();

 if ( is_object( $wp_object_cache ) ) {
@@ -70,15 +112,14 @@ function wpmu_activate_stylesheet() {
 	<?php
 }
 add_action( 'wp_head', 'wpmu_activate_stylesheet' );
+add_action( 'wp_head', 'wp_sensitive_page_meta' );

 get_header( 'wp-activate' );
 ?>

 <div id="signup-content" class="widecolumn">
 	<div class="wp-activate-container">
-	<?php
-	if ( empty( $_GET['key'] ) && empty( $_POST['key'] ) ) {
-		?>
+	<?php if ( ! $key ) { ?>

 		<h2><?php _e( 'Activation Key Required' ); ?></h2>
 		<form name="activateform" id="activateform" method="post" action="<?php echo network_site_url( 'wp-activate.php' ); ?>">
@@ -92,47 +133,44 @@ get_header( 'wp-activate' );
 		</form>

 		<?php
-	} else {
-
-		$key    = ! empty( $_GET['key'] ) ? $_GET['key'] : $_POST['key'];
-		$result = wpmu_activate_signup( $key );
-		if ( is_wp_error( $result ) ) {
-			if ( 'already_active' == $result->get_error_code() || 'blog_taken' == $result->get_error_code() ) {
-				$signup = $result->get_error_data();
-				?>
-				<h2><?php _e( 'Your account is now active!' ); ?></h2>
-					<?php
-					echo '<p class="lead-in">';
-					if ( $signup->domain . $signup->path == '' ) {
-						printf(
-							/* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */
-							__( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
-							network_site_url( 'wp-login.php', 'login' ),
-							$signup->user_login,
-							$signup->user_email,
-							wp_lostpassword_url()
-						);
-					} else {
-						printf(
-							/* translators: 1: site URL, 2: username, 3: user email, 4: lost password URL */
-							__( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
-							sprintf( '<a href="http://%1$s">%1$s</a>', $signup->domain ),
-							$signup->user_login,
-							$signup->user_email,
-							wp_lostpassword_url()
-						);
-					}
-					echo '</p>';
+} else {
+	if ( is_wp_error( $result ) && in_array( $result->get_error_code(), $valid_error_codes ) ) {
+		$signup = $result->get_error_data();
+		?>
+			<h2><?php _e( 'Your account is now active!' ); ?></h2>
+			<?php
+			echo '<p class="lead-in">';
+			if ( $signup->domain . $signup->path == '' ) {
+				printf(
+					/* translators: 1: login URL, 2: username, 3: user email, 4: lost password URL */
+					__( 'Your account has been activated. You may now <a href="%1$s">log in</a> to the site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
+					network_site_url( 'wp-login.php', 'login' ),
+					$signup->user_login,
+					$signup->user_email,
+					wp_lostpassword_url()
+				);
 			} else {
-				?>
-				<h2><?php _e( 'An error occurred during the activation' ); ?></h2>
-				<p><?php echo $result->get_error_message(); ?></p>
-				<?php
+				printf(
+					/* translators: 1: site URL, 2: username, 3: user email, 4: lost password URL */
+					__( 'Your site at %1$s is active. You may now log in to your site using your chosen username of &#8220;%2$s&#8221;. Please check your email inbox at %3$s for your password and login instructions. If you do not receive an email, please check your junk or spam folder. If you still do not receive an email within an hour, you can <a href="%4$s">reset your password</a>.' ),
+					sprintf( '<a href="http://%1$s">%1$s</a>', $signup->domain ),
+					$signup->user_login,
+					$signup->user_email,
+					wp_lostpassword_url()
+				);
 			}
-		} else {
-			$url  = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : '';
-			$user = get_userdata( (int) $result['user_id'] );
-			?>
+			echo '</p>';
+	} elseif ( $result === null || is_wp_error( $result ) ) {
+		?>
+			<h2><?php _e( 'An error occurred during the activation' ); ?></h2>
+			<?php if ( is_wp_error( $result ) ) : ?>
+				<p><?php echo $result->get_error_message(); ?></p>
+			<?php endif; ?>
+			<?php
+	} else {
+		$url  = isset( $result['blog_id'] ) ? get_home_url( (int) $result['blog_id'] ) : '';
+		$user = get_userdata( (int) $result['user_id'] );
+		?>
 			<h2><?php _e( 'Your account is now active!' ); ?></h2>

 			<div id="signup-welcome">
@@ -161,9 +199,9 @@ get_header( 'wp-activate' );
 				</p>
 			<?php
 			endif;
-		}
 	}
-	?>
+}
+?>
 	</div>
 </div>
 <script type="text/javascript">