<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[10928] sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login: Login: Allow registrations with "low reCaptcha scores" to register, but go into a pending-moderation state.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { white-space: pre-line; overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="http://meta.trac.wordpress.org/changeset/10928">10928</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"http://meta.trac.wordpress.org/changeset/10928","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>dd32</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2021-04-27 04:24:21 +0000 (Tue, 27 Apr 2021)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Login: Allow registrations with "low reCaptcha scores" to register, but go into a pending-moderation state.
This will allow legitimate users who receive a "Please try again" error to be manually approved.
This will also allow us to experiment with more aggressive anti-spam measures, as the majority of current spam registrations are human generated.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginadminclassuserregistrationslisttablephp">sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/class-user-registrations-list-table.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginadminuiphp">sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/ui.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginfunctionsregistrationphp">sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginfunctionsrestapiphp">sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-restapi.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginpendingcreatephp">sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginpendingprofilephp">sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-profile.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginregisterphp">sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginadminclassuserregistrationslisttablephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/class-user-registrations-list-table.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/class-user-registrations-list-table.php 2021-04-27 03:08:01 UTC (rev 10927)
+++ sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/class-user-registrations-list-table.php 2021-04-27 04:24:21 UTC (rev 10928)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2,30 +2,121 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> class User_Registrations_List_Table extends WP_List_Table {
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ function get_views() {
+ global $wpdb;
+
+ $views = [
+ [
+ 'all',
+ 'All',
+ ],
+ [
+ 'pending',
+ 'Pending Email Confirmation',
+ ],
+ [
+ 'registered',
+ 'Completed registration',
+ ],
+ [
+ 'spam',
+ 'Caught in spam',
+ ],
+ [
+ 'akismet',
+ 'Akismet said no',
+ ]
+ ];
+
+ $default = 'all';
+ $current_view = $_REQUEST['view'] ?? $default;
+
+ if ( isset( $_GET['s'] ) ) {
+ $default = 'search';
+ $views[0] = [
+ 'search', 'All search results'
+ ];
+
+ array_unshift( $views, [ 'all', 'All' ] );
+
+ if ( 'all' === $current_view ) {
+ $current_view = 'search';
+ }
+ }
+
+ return array_map(
+ function( $item ) use ( $current_view ) {
+ global $wpdb;
+
+ $count = $wpdb->get_var(
+ "SELECT count(*) FROM {$wpdb->base_prefix}user_pending_registrations WHERE " .
+ $this->get_where_sql( $item[0] )
+ );
+
+ $url = admin_url( 'index.php?page=user-registrations' );
+ if ( !empty( $_GET['s'] ) && 'all' != $item[0] ) {
+ $url = add_query_arg( 's', urlencode( $_GET['s'] ), $url );
+ }
+
+ $url = add_query_arg( 'view', $item[0], $url );
+
+ return sprintf(
+ '<a href="%s" class="%s">%s <span class="count">(%s)</span></a>',
+ $url,
+ $current_view === $item[0] ? 'current' : '',
+ $item[1],
+ number_format_i18n( $count ),
+ );
+ }, $views
+ );
+ }
+
+ protected function get_view_sql_where( $view ) {
+ switch ( $view ) {
+ case 'pending':
+ return 'created = 0 AND cleared = 1';
+ case 'spam':
+ return 'cleared = 0';
+ case 'akismet':
+ return "meta LIKE '%akismet_result\":\"spam%'";
+ case 'registered':
+ return 'created = 1';
+ default:
+ case 'all':
+ return '1=1';
+ }
+ }
+
+ protected function get_where_sql( $view = null ) {
+ global $wpdb;
+
+ $where = $this->get_view_sql_where( $view ?: ( $_REQUEST['view'] ?? 'all' ) );
+
+ if ( isset( $_GET['s'] ) && 'all' != $view ) {
+ $search_like = '%' . $wpdb->esc_like( wp_unslash( $_GET['s'] ) ) . '%';
+ $where .= $wpdb->prepare(
+ " AND ( user_login LIKE %s OR user_email LIKE %s OR meta LIKE %s )",
+ $search_like, $search_like, $search_like
+ );
+ }
+
+ return $where;
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> function get_columns() {
</span><span class="cx" style="display: block; padding: 0 10px"> return [
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'pending_id' => 'ID',
- 'created' => 'Created',
</del><span class="cx" style="display: block; padding: 0 10px"> 'user_login' => 'User Login',
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'user_email' => 'User Email',
- 'user_ip' => 'IP',
- 'scores' => 'reCaptcha',
- 'akismet' => 'Akismet',
- 'user_registered' => 'Registered Date',
- 'created_date' => 'Created Date',
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'meta' => 'Meta',
+ 'scores' => 'Anti-spam<br>reCaptcha Akismet',
+ 'user_registered' => 'Registered',
</ins><span class="cx" style="display: block; padding: 0 10px"> ];
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> public function get_sortable_columns() {
</span><span class="cx" style="display: block; padding: 0 10px"> return [
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'pending_id' => array( 'pending_id', false ),
- 'created' => array( 'created', true ),
</del><span class="cx" style="display: block; padding: 0 10px"> 'user_login' => array( 'user_login', true ),
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'user_email' => array( 'user_email', true ),
</del><span class="cx" style="display: block; padding: 0 10px"> 'scores' => array( 'scores', true ),
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'akismet' => array( 'akismet', true ),
</del><span class="cx" style="display: block; padding: 0 10px"> 'user_registered' => array( 'user_registered', true ),
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'created_date' => array( 'created_date', true ),
</del><span class="cx" style="display: block; padding: 0 10px"> ];
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
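Review bot: the 'pending' and 'spam' cases in get_view_sql_where() only account for cleared = 0 and cleared = 1, but the approve handler added in admin/ui.php sets cleared to 2, so a manually approved registration that has not yet confirmed its email (created = 0, cleared = 2) appears in neither the 'Pending Email Confirmation' nor the 'Caught in spam' view. Matching cleared IN (1, 2) in the 'pending' case would keep those rows visible to moderators. Separately, get_views() prints $url into the href without esc_url(); the value is built from admin_url() and a urlencode()d search term, so it is not injectable as written, but escaping at output would match how the row-action links in this file are emitted.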
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -51,14 +142,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $per_page = $this->get_items_per_page( 'users_per_page', 100 );
</span><span class="cx" style="display: block; padding: 0 10px"> $current_page = $this->get_pagenum();
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $where = '1 = 1 ';
- if ( isset( $_GET['s'] ) ) {
- $search_like = '%' . $wpdb->esc_like( $_GET['s'] ) . '%';
- $where .= $wpdb->prepare(
- "AND ( user_login LIKE %s OR user_email LIKE %s OR meta LIKE %s )",
- $search_like, $search_like, $search_like
- );
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $where = $this->get_where_sql();
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $per_page_offset = ($current_page-1) * $per_page;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -81,22 +165,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> echo esc_html( $item->$column_name );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- function column_created( $item ) {
- echo ( $item->created ? 'Yes' : 'No' );
-
- if ( ! $item->created ) {
- $url = add_query_arg(
- 'email',
- urlencode( $item->user_email ),
- admin_url( 'admin-post.php?action=login_resend_email' )
- );
- $url = wp_nonce_url( $url, 'resend_' . $item->user_email );
- echo $this->row_actions( [
- 'resend' => '<a href="' . esc_url( $url ) . '">Resend Email</a>',
- ] );
- }
- }
-
</del><span class="cx" style="display: block; padding: 0 10px"> function column_user_registered( $item ) {
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> '<abbr title="%s">%s ago</abbr>',
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -103,17 +171,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> esc_attr( $item->user_registered ),
</span><span class="cx" style="display: block; padding: 0 10px"> human_time_diff( strtotime( $item->user_registered ) )
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- }
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- function column_created_date( $item ) {
</del><span class="cx" style="display: block; padding: 0 10px"> if ( $item->created_date && '0000-00-00 00:00:00' !== $item->created_date ) {
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- '<abbr title="%s">%s ago</abbr>',
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ '<br>Created: <abbr title="%s">%s ago</abbr>',
</ins><span class="cx" style="display: block; padding: 0 10px"> esc_attr( $item->created_date ),
</span><span class="cx" style="display: block; padding: 0 10px"> human_time_diff( strtotime( $item->created_date ) )
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- } else {
- echo ' ';
</del><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -121,12 +185,20 @@
</span><span class="cx" style="display: block; padding: 0 10px"> if ( $item->created ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $url = esc_url( 'https://profiles.wordpress.org/' . $item->user_login . '/' );
</span><span class="cx" style="display: block; padding: 0 10px"> echo "<a href='$url'>" . esc_html( $item->user_login ) . '</a>';
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ if (
+ ( $user = get_user_by( 'login', $item->user_login ) ) &&
+ 'BLOCKED' === substr( $user->user_pass, 0, 7 )
+ ) {
+ echo ' <span class="delete-red">(blocked)</span>';
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> } else {
</span><span class="cx" style="display: block; padding: 0 10px"> echo esc_html( $item->user_login );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- }
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- function column_user_email( $item ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ echo '<hr>';
+
</ins><span class="cx" style="display: block; padding: 0 10px"> list( $email_user, $domain ) = explode( '@', $item->user_email, 2 );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
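Review bot: the blocked check on the added lines compares the first seven characters of $user->user_pass to 'BLOCKED', and the same test is repeated, inverted, in the row-actions code further down this method, so the marker string and its length live in two places. A small helper (for example a hypothetical is_user_blocked( $user )) would keep them in sync and give one place to document what the prefix means. get_user_by() is also called once here and again for the Block Account link on every created row, with up to 100 rows per page by default; fetching the user once per row and reusing it would halve those lookups.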
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -135,10 +207,66 @@
</span><span class="cx" style="display: block; padding: 0 10px"> urlencode( $domain ),
</span><span class="cx" style="display: block; padding: 0 10px"> esc_html( $domain )
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ $row_actions = [];
+
+ if ( ! $item->created && $item->cleared ) {
+ $url = add_query_arg(
+ 'email',
+ urlencode( $item->user_email ),
+ admin_url( 'admin-post.php?action=login_resend_email' )
+ );
+ $url = wp_nonce_url( $url, 'resend_' . $item->user_email );
+
+ $row_actions['resend'] = '<a href="' . esc_url( $url ) . '">Resend Email</a>';
+ }
+
+ if ( ! $item->created ) {
+ if ( $item->user_activation_key ) {
+ $url = add_query_arg(
+ 'email',
+ urlencode( $item->user_email ),
+ admin_url( 'admin-post.php?action=login_block' )
+ );
+ $url = wp_nonce_url( $url, 'block_' . $item->user_email );
+
+ $row_actions['block'] = '<a href="' . esc_url( $url ) . '">Block Registration</a>';
+ }
+
+ $url = add_query_arg(
+ 'email',
+ urlencode( $item->user_email ),
+ admin_url( 'admin-post.php?action=login_delete' )
+ );
+ $url = wp_nonce_url( $url, 'delete_' . $item->user_email );
+
+ $row_actions['delete'] = '<a href="' . esc_url( $url ) . '">Delete</a>';
+
+ } else {
+ $url = add_query_arg(
+ 'email',
+ urlencode( $item->user_email ),
+ admin_url( 'admin-post.php?action=login_block_account' )
+ );
+ $url = wp_nonce_url( $url, 'block_account_' . $item->user_email );
+
+ if (
+ ! ( $user = get_user_by( 'login', $item->user_login ) ) ||
+ 'BLOCKED' !== substr( $user->user_pass, 0, 7 )
+ ) {
+ $row_actions['block-account'] = '<a href="' . esc_url( $url ) . '">Block Account</a>';
+ }
+
+ }
+
+ if ( $row_actions ) {
+ echo $this->row_actions( $row_actions );
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- function column_user_ip( $item ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ function column_meta( $item ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> $meta = json_decode( $item->meta );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> echo implode( ', ',
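Review bot: Delete, Block Registration and Block Account are emitted as plain links to admin-post.php, so each state change is a GET request with the nonce from wp_nonce_url() in the query string, where it ends up in browser history and server logs and can be re-executed by simply re-requesting the URL. Since admin/ui.php already intercepts these clicks in JavaScript, sending them as POST (and having the handlers reject other methods) would keep the nonce out of URLs and avoid accidental repeats. Binding the nonce action to the email address ('delete_' . $item->user_email and so on) is good and should stay.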
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -157,9 +285,19 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ] ) )
</span><span class="cx" style="display: block; padding: 0 10px"> )
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ echo '<hr>';
+
+ foreach ( [ 'url', 'from', 'occ', 'interests' ] as $field ) {
+ if ( !empty( $meta->$field ) ) {
+ printf( "%s: %s<br>", esc_html( $field ), esc_html( $meta->$field ) );
+ }
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> function column_scores( $item ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ echo ( $item->cleared ? 'Passed' : 'Failed' ) . '<br>';
+
</ins><span class="cx" style="display: block; padding: 0 10px"> foreach ( json_decode( $item->scores ) as $type => $val ) {
</span><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> '<abbr title="%s">%s</abbr> ',
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -167,12 +305,43 @@
</span><span class="cx" style="display: block; padding: 0 10px"> esc_html( $val )
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- }
</del><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- function column_akismet( $item ) {
- $meta = json_decode( $item->meta, true );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $meta = json_decode( $item->meta );
+ $akismet = $meta->akismet_result ?? '';
+ if ( $akismet ) {
+ printf(
+ '<abbr title="%s">%s</abbr> ',
+ esc_attr( 'Akismet' ),
+ esc_html( strtolower( $akismet ) )
+ );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- echo $meta['akismet_result'] ?? '';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $row_actions = [];
+
+ if ( ! $item->created && $item->user_activation_key ) {
+ $url = add_query_arg(
+ 'email',
+ urlencode( $item->user_email ),
+ admin_url( 'admin-post.php?action=login_block' )
+ );
+ $url = wp_nonce_url( $url, 'block_' . $item->user_email );
+
+ $row_actions['block'] = '<a href="' . esc_url( $url ) . '">Block Registration</a>';
+ }
+
+ if ( ! $item->cleared ) {
+ $url = add_query_arg(
+ 'email',
+ urlencode( $item->user_email ),
+ admin_url( 'admin-post.php?action=login_mark_as_cleared' )
+ );
+ $url = wp_nonce_url( $url, 'clear_' . $item->user_email );
+ $row_actions['approve-reg'] = '<a href="' . esc_url( $url ) . '">Approve</a>';
+ }
+
+ if ( $row_actions ) {
+ echo $this->row_actions( $row_actions );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of file
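Review bot: the Block Registration link added to column_scores() is a copy of the one built in the user-login column, with the same admin-post.php action name and the same 'block_' nonce prefix. A private method that returns the row-action URL for a given action and email would remove the duplication and keep the nonce action strings from drifting apart from the check_admin_referer() calls in admin/ui.php.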
</span></span></pre></div>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginadminuiphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/ui.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/ui.php 2021-04-27 03:08:01 UTC (rev 10927)
+++ sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/admin/ui.php 2021-04-27 04:24:21 UTC (rev 10928)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -12,11 +12,49 @@
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> });
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+function wporg_login_admin_action_text( $action ) {
+ switch ( $action ) {
+ case 'resent-email':
+ return 'The registration email has been resent.';
+ case 'approved':
+ return 'The registration has been approved, and a confirmation email has been sent.';
+ case 'deleted':
+ return 'The registration record has been removed.';
+ case 'blocked':
+ return 'The registration has been blocked.';
+ case 'blocked_account':
+ return 'Account blocked.';
+ default:
+ return 'Action performed.';
+ }
+}
+
</ins><span class="cx" style="display: block; padding: 0 10px"> function wporg_login_admin_page() {
</span><span class="cx" style="display: block; padding: 0 10px"> $wp_list_table = new User_Registrations_List_Table();
</span><span class="cx" style="display: block; padding: 0 10px"> $wp_list_table->prepare_items();
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- echo '<style>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ ?><script>
+ jQuery( document ).ready( function($) {
+ $( 'table .row-actions a' ).click( function( e ) {
+ e.preventDefault();
+
+ var $this = $(this),
+ $tr = $this.parents('tr'),
+ $tds = $tr.find( 'td:not(:first)' );
+
+ $tds.remove();
+ $tr.find( '.row-actions' ).remove();
+ $tr.append( "<td colspan=" + $tds.length + ">...</td>" );
+
+ var url = $this.prop('href') + '&ajax=1';
+
+ $.get( url, function( data ) {
+ $tr.find('td:last').text( data );
+ } );
+ });
+ } );
+ </script>
+ <style>
</ins><span class="cx" style="display: block; padding: 0 10px"> table.dashboard_page_user-registrations td > a {
</span><span class="cx" style="display: block; padding: 0 10px"> color: inherit;
</span><span class="cx" style="display: block; padding: 0 10px"> }
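Review bot: the click handler removes the row's cells and action links before the request is sent, and $.get() has no failure callback, so when admin-post.php answers with an error (for instance check_admin_referer() rejecting an expired nonce) the row is left showing '...' and the moderator can neither tell whether the block or delete happened nor retry without reloading. Chain a .fail() that restores the row or shows the error, and only replace the cells once the response arrives. Using .text( data ) for the response body is the right call and should stay.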
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -23,20 +61,26 @@
</span><span class="cx" style="display: block; padding: 0 10px"> table.dashboard_page_user-registrations td > a:hover {
</span><span class="cx" style="display: block; padding: 0 10px"> text-decoration: underline;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- </style>';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ table.dashboard_page_user-registrations .delete-red {
+ color: #b32d2e;
+ }
+ </style>
+ <?php
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> echo '<div class="wrap">';
</span><span class="cx" style="display: block; padding: 0 10px"> echo '<h1 class="wp-heading-inline">Pending User Registrations</h1>';
</span><span class="cx" style="display: block; padding: 0 10px"> echo '<hr class="wp-header-end">';
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( isset( $_REQUEST['resent-email'] ) ) {
- echo '<div class="updated notice"><p>The registration email has been resent.</p></div>';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( isset( $_GET['action'] ) ) {
+ echo '<div class="updated notice"><p>';
+ echo wporg_login_admin_action_text( $_GET['action'] );
+ echo '</p></div>';
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> echo '<form>';
</span><span class="cx" style="display: block; padding: 0 10px"> printf( '<input type="hidden" name="page" value="%s">', esc_attr( $_GET['page'] ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- //$wp_list_table->views();
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $wp_list_table->views();
</ins><span class="cx" style="display: block; padding: 0 10px"> $wp_list_table->search_box( 'Search', 's' );
</span><span class="cx" style="display: block; padding: 0 10px"> $wp_list_table->display();
</span><span class="cx" style="display: block; padding: 0 10px">
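Review bot: the notice is now shown whenever $_GET['action'] is set, and the default branch of wporg_login_admin_action_text() returns 'Action performed.', so any URL that carries an unrelated action parameter renders a success notice for something that never ran. Return an empty string for unknown values and skip the notice in that case. Wrapping the echo in esc_html() would also keep the output escaped at the point of printing if the helper ever returns request-derived text.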
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -57,10 +101,136 @@
</span><span class="cx" style="display: block; padding: 0 10px"> wporg_login_send_confirmation_email( $email );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( isset( $_GET['ajax'] ) ) {
+ die( wporg_login_admin_action_text( 'resent-email' ) );
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> wp_safe_redirect( add_query_arg(
</span><span class="cx" style="display: block; padding: 0 10px"> 's',
</span><span class="cx" style="display: block; padding: 0 10px"> urlencode( $email ),
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&resent-email=true'
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&action=resent-email'
</ins><span class="cx" style="display: block; padding: 0 10px"> ) );
</span><span class="cx" style="display: block; padding: 0 10px"> exit;
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-});
</del><span class="cx" style="display: block; padding: 0 10px">\ No newline at end of file
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+} );
+
+add_action( 'admin_post_login_mark_as_cleared', function() {
+ if ( ! current_user_can( 'manage_users' ) ) {
+ wp_die();
+ }
+
+ $email = $_REQUEST['email'] ?? '';
+
+ check_admin_referer( 'clear_' . $email );
+
+ $user = wporg_get_pending_user( $email );
+ if ( $user ) {
+ $user['cleared'] = 2;
+ wporg_update_pending_user( $user );
+
+ wporg_login_send_confirmation_email( $user['user_email'] );
+ }
+
+ if ( isset( $_GET['ajax'] ) ) {
+ die( wporg_login_admin_action_text( 'approved' ) );
+ }
+
+ wp_safe_redirect( add_query_arg(
+ 's',
+ urlencode( $email ),
+ 'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&action=approved'
+ ) );
+ exit;
+} );
+
+add_action( 'admin_post_login_block', function() {
+ if ( ! current_user_can( 'manage_users' ) ) {
+ wp_die();
+ }
+
+ $email = $_REQUEST['email'] ?? '';
+
+ check_admin_referer( 'block_' . $email );
+
+ $user = wporg_get_pending_user( $email );
+ if ( $user ) {
+ $user['cleared'] = 0;
+ $user['user_activation_key'] = '';
+ $user['user_profile_key'] = '';
+
+ wporg_update_pending_user( $user );
+ }
+
+ if ( isset( $_GET['ajax'] ) ) {
+ die( wporg_login_admin_action_text( 'blocked' ) );
+ }
+
+ wp_safe_redirect( add_query_arg(
+ 's',
+ urlencode( $email ),
+ 'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&action=blocked'
+ ) );
+ exit;
+} );
+
+add_action( 'admin_post_login_delete', function() {
+ if ( ! current_user_can( 'manage_users' ) ) {
+ wp_die();
+ }
+
+ $email = $_REQUEST['email'] ?? '';
+
+ check_admin_referer( 'delete_' . $email );
+
+ $user = wporg_get_pending_user( $email );
+ if ( $user ) {
+ wporg_delete_pending_user( $user );
+ }
+
+ if ( isset( $_GET['ajax'] ) ) {
+ die( wporg_login_admin_action_text( 'deleted' ) );
+ }
+
+ wp_safe_redirect( add_query_arg(
+ 's',
+ urlencode( $email ),
+ 'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&action=deleted'
+ ) );
+ exit;
+} );
+
+add_action( 'admin_post_login_block_account', function() {
+ if ( ! current_user_can( 'manage_users' ) ) {
+ wp_die();
+ }
+
+ $email = $_REQUEST['email'] ?? '';
+
+ check_admin_referer( 'block_account_' . $email );
+
+ $user = get_user_by( 'email', $email );
+ if ( $user && defined( 'WPORG_SUPPORT_FORUMS_BLOGID' ) ) {
+ // Load the support forums..
+ include_once WP_PLUGIN_DIR . '/bbpress/bbpress.php';
+ include_once WP_PLUGIN_DIR . '/support-forums/support-forums.php';
+
+ // Then switch to it (Must be done after bbPress is loaded to get roles)
+ switch_to_blog( WPORG_SUPPORT_FORUMS_BLOGID );
+
+ // Set the user to blocked. Support forum hooks will take care of the rest.
+ bbp_set_user_role( $user->ID, bbp_get_blocked_role() );
+
+ restore_current_blog();
+ }
+
+ if ( isset( $_GET['ajax'] ) ) {
+ die( wporg_login_admin_action_text( 'blocked_account' ) );
+ }
+
+ wp_safe_redirect( add_query_arg(
+ 's',
+ urlencode( $email ),
+ 'https://login.wordpress.org/wp-admin/index.php?page=user-registrations&action=blocked_account'
+ ) );
+ exit;
+} );
+
</ins></span></pre></div>
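Review bot: All four new handlers report success even when nothing was changed. In admin_post_login_mark_as_cleared, admin_post_login_block and admin_post_login_delete the if ( $user ) branch is skipped for an unknown email, and in admin_post_login_block_account it is also skipped when WPORG_SUPPORT_FORUMS_BLOGID is undefined, yet the ajax text and the redirect still say approved, blocked, deleted or blocked_account. Return a distinct not-found result so a moderator is not told an account was blocked when it was not. Separately, $_REQUEST['email'] is used as-is for the nonce action and the lookup; assuming the nonce was generated from the unslashed address, passing it through wp_unslash() first keeps addresses containing an apostrophe from failing check_admin_referer(). The literal 2 and 0 written to $user['cleared'] would read better as named constants.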
<a id="sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginfunctionsregistrationphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php 2021-04-27 03:08:01 UTC (rev 10927)
+++ sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-registration.php 2021-04-27 04:24:21 UTC (rev 10928)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,6 +1,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-function wporg_login_check_recapcha_status( $check_v3_action = false ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+function wporg_login_check_recapcha_status( $check_v3_action = false, $block_low_scores = true ) {
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // reCaptcha V3 Checks
</span><span class="cx" style="display: block; padding: 0 10px"> if ( $check_v3_action ) {
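Review bot: The new $block_low_scores parameter on wporg_login_check_recapcha_status() is undocumented, and call sites pass a bare true or false for it. Add a docblock stating that false skips only the score threshold comparison, since a reader seeing wporg_login_check_recapcha_status( 'pending_create', false ) could take it to disable the check entirely.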
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -21,7 +21,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // Block super-low scores.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( (float)$result['score'] < (float) get_option( 'recaptcha_v3_threshold', 0.2 ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( $block_low_scores && (float)$result['score'] < (float) get_option( 'recaptcha_v3_threshold', 0.2 ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return false;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -121,6 +121,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $pending_user['meta']['akismet_result'] = wporg_login_check_akismet( $user_login, $user_email );
+
+ $pending_user['cleared'] = (
+ 'spam' !== $pending_user['meta']['akismet_result'] &&
+ (float)$pending_user['scores']['pending'] >= (float) get_option( 'recaptcha_v3_threshold', 0.2 )
+ );
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $inserted = wporg_update_pending_user( $pending_user );
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! $inserted ) {
</span><span class="cx" style="display: block; padding: 0 10px"> wp_die( __( 'Error! Something went wrong with your registration. Try again?', 'wporg' ) );
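Review bot: $pending_user['cleared'] is assigned a boolean here, while the admin handlers in this commit store the integers 2 and 0 and pending-create.php tests it with a strict 2 !== comparison. Cast this to an int (1 or 0) and define the states in one place, so the stored type does not depend on which code path wrote the row. The read of $pending_user['scores']['pending'] also assumes the key is set; a missing score casts to 0.0 and leaves the user uncleared, which fails closed but deserves an explicit default. The get_option( 'recaptcha_v3_threshold', 0.2 ) lookup now appears twice in this file and could move to a small helper.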
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -146,7 +153,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $user = wporg_get_pending_user( $user );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! $user || $user['created'] ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! $user || $user['created'] || ! $user['cleared'] ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return false;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -231,6 +238,19 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+function wporg_delete_pending_user( $pending_user ) {
+ global $wpdb;
+
+ if ( empty( $pending_user['pending_id'] ) ) {
+ return false;
+ }
+
+ return $wpdb->delete(
+ "{$wpdb->base_prefix}user_pending_registrations",
+ array( 'pending_id' => $pending_user['pending_id'] )
+ );
+}
+
</ins><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Create a user record from a pending record.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span></span></pre></div>
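Review bot: wporg_delete_pending_user() has no docblock, unlike the function that follows it, and its return value is mixed: false for a missing pending_id and otherwise whatever the wpdb delete call returns. Document the return type, and have the admin_post_login_delete handler check it, since that handler ignores the result and reports deleted regardless.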
<a id="sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginfunctionsrestapiphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-restapi.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-restapi.php 2021-04-27 03:08:01 UTC (rev 10927)
+++ sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-restapi.php 2021-04-27 04:24:21 UTC (rev 10928)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -121,7 +121,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $pending_user = wporg_get_pending_user( $request['account'] );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! $pending_user || $pending_user['created'] ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! $pending_user || $pending_user['created'] || ! $pending_user['user_activation_key'] ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return $success_message;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre></div>
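Review bot: The added ! $pending_user['user_activation_key'] test relies on the block handler having blanked the key, which makes an empty key an implicit marker for a blocked registration. Add a comment saying so, so the guard is not lost if the block action ever stops clearing the key. A row that is uncleared but still holds its key passes this test; confirm that the code below it refuses to send for such rows.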
<a id="sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginpendingcreatephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php 2021-04-27 03:08:01 UTC (rev 10927)
+++ sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-create.php 2021-04-27 04:24:21 UTC (rev 10928)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -5,16 +5,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @package wporg-login
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-// Clear the pending cookies, they're no longer needed.
-if ( isset( $_COOKIE['wporg_profile_user'] ) ) {
- setcookie( 'wporg_profile_user', false, time()-DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
- setcookie( 'wporg_profile_key', false, time()-DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
-}
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+$sso = WPOrg_SSO::get_instance();
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // Migrate to cookies.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-if ( !empty( WP_WPOrg_SSO::$matched_route_params['confirm_user'] ) ) {
- setcookie( 'wporg_confirm_user', WP_WPOrg_SSO::$matched_route_params['confirm_user'], time()+DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
- setcookie( 'wporg_confirm_key', WP_WPOrg_SSO::$matched_route_params['confirm_key'], time()+DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if ( !empty( $sso::$matched_route_params['confirm_user'] ) ) {
+ setcookie( 'wporg_confirm_user', $sso::$matched_route_params['confirm_user'], time()+DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
+ setcookie( 'wporg_confirm_key', $sso::$matched_route_params['confirm_key'], time()+DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> wp_safe_redirect( '/register/create' );
</span><span class="cx" style="display: block; padding: 0 10px"> die();
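Review bot: The static property is now read through an instance, $sso::$matched_route_params, where the removed lines named the class WP_WPOrg_SSO, and register.php in this same commit still uses WP_WPOrg_SSO::$matched_route_params. Use one form throughout. The instance is only needed for SUPPORT_EMAIL further down, which could be read as WPOrg_SSO::SUPPORT_EMAIL in the way register.php reads WPOrg_SSO::TOS_USER_META_KEY.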
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -59,19 +55,34 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $pending_user = wporg_get_pending_user( $activation_user );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+$error_recapcha_status = false;
+if ( isset( $_POST['user_pass'] ) && 2 !== $pending_user['cleared'] ) {
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-$error_recapcha_status = $error_akismet = false;
-if ( isset( $_POST['user_pass'] ) ) {
-
</del><span class="cx" style="display: block; padding: 0 10px"> // Check reCaptcha status
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! wporg_login_check_recapcha_status( 'pending_create' ) ) {
- // No no. "Please try again."
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! wporg_login_check_recapcha_status( 'pending_create', false ) ) {
+ unset( $_POST['user_pass'] );
</ins><span class="cx" style="display: block; padding: 0 10px"> $error_recapcha_status = true;
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- unset( $_POST['user_pass'] );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ // Allow a recaptcha fail to try again, but if they're blocked due to low score, mark them as needing approval.
+ if ( ! wporg_login_check_recapcha_status( 'pending_create', true ) ) {
+ $pending_user['cleared'] = 0;
+ }
+
+ // Store for reference.
+ if ( isset( $_POST['_reCaptcha_v3_token'] ) ) {
+ $recaptcha_api = wporg_login_recaptcha_api(
+ $_POST['_reCaptcha_v3_token'],
+ RECAPTCHA_V3_PRIVKEY
+ );
+ $pending_user['scores']['create_attempt'] = -1;
+ if ( $recaptcha_api && $recaptcha_api['success'] && 'pending_create' == $recaptcha_api['action'] ) {
+ $pending_user['scores']['create_attempt'] = $recaptcha_api['score'];
+ }
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Check Akismet
- $akismet = wporg_login_check_akismet(
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Check Akismet with new profile information
+ $pending_user['meta']['akismet_result'] = wporg_login_check_akismet(
</ins><span class="cx" style="display: block; padding: 0 10px"> $pending_user['user_login'],
</span><span class="cx" style="display: block; padding: 0 10px"> $pending_user['user_email'],
</span><span class="cx" style="display: block; padding: 0 10px"> $pending_user['meta']['url'] ?? '',
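Review bot: The nested wporg_login_check_recapcha_status( 'pending_create', true ) call cannot do what its comment says. It runs only after the same call with false has already failed, and the second argument only adds the score threshold on top of the other checks, so the strict call fails too and $pending_user['cleared'] = 0 is set on every reCaptcha failure, while a valid low-score submission passes the first call and never reaches this branch. If the intent is to let ordinary failures retry and send low scores to moderation, take the score from a single verification and compare it to the threshold directly. The block also verifies the same token up to three times (two status calls plus wporg_login_recaptcha_api()), and a reCAPTCHA token can be verified only once, so unless the helper caches its result the later calls will fail and create_attempt will stay at -1. Also confirm that cleared comes back from wporg_get_pending_user() as an integer, since 2 !== against a string from the database would put approved users through these checks again.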
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -82,16 +93,22 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ] )
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Store for reference.
- $pending_user['meta']['akismet_result'] = $akismet;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( 'spam' === $pending_user['meta']['akismet_result'] ) {
+ $pending_user['cleared'] = 0;
+ unset( $_POST['user_pass'] );
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> wporg_update_pending_user( $pending_user );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+}
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( 'spam' == $akismet ) {
- // No no. "Please try again."
- $error_akismet = true;
- unset( $_POST['user_pass'] );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if ( ! $pending_user['cleared'] ) {
+ if ( ! empty( $_COOKIE['wporg_profile_user'] ) ) {
+ // Throw the user back to the pending screen after being detected as spam at this point.
+ wp_safe_redirect( '/register/create-profile/' );
+ die();
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ unset( $_POST['user_pass'] );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( isset( $_POST['user_pass'] ) ) {
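Review bot: if ( ! $pending_user['cleared'] ) sits outside the POST block and indexes $pending_user without a truthiness guard, while the creation step in the next hunk still tests $pending_user before indexing it. If the lookup can return nothing here, this line raises a notice and silently discards the password; guard it the same way or bail out earlier. A short comment on why the redirect depends on the wporg_profile_user cookie being present would also help.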
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -100,6 +117,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> if ( $pending_user && ! $pending_user['created'] ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $user = wporg_login_create_user_from_pending( $pending_user, $user_pass );
</span><span class="cx" style="display: block; padding: 0 10px"> if ( $user ) {
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ // Clear the cookies, they're no longer needed.
+ setcookie( 'wporg_profile_user', false, time()-DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
+ setcookie( 'wporg_profile_key', false, time()-DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
</ins><span class="cx" style="display: block; padding: 0 10px"> setcookie( 'wporg_confirm_user', false, time()-DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
</span><span class="cx" style="display: block; padding: 0 10px"> setcookie( 'wporg_confirm_key', false, time()-DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -120,18 +141,32 @@
</span><span class="cx" style="display: block; padding: 0 10px"> get_header();
</span><span class="cx" style="display: block; padding: 0 10px"> ?>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-<p class="intro">
-<?php _e( 'Set your password and complete your WordPress.org Profile information.', 'wporg' ); ?>
-</p>
-
</del><span class="cx" style="display: block; padding: 0 10px"> <form name="registerform" id="registerform" action="" method="post">
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p class="login-login">
- <label for="user_login"><?php _e( 'Username', 'wporg' ); ?></label>
- <input type="text" disabled="disabled" class=" disabled" value="<?php echo esc_attr( $activation_user ); ?>" size="20" />
- </p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <?php if ( ! $pending_user['cleared'] ) { ?>
+ <div class="message info">
+ <p><?php
+ printf(
+ /* translators: %s Email address */
+ __( 'Your account is pending approval. You will receive an email at %s to set your password when approved.', 'wporg' ) . '<br>' .
+ __( 'Please contact %s for more details.', 'wporg' ),
+ '<code>' . esc_html( $pending_user['user_email'] ) . '</code>',
+ '<a href="mailto:' . $sso::SUPPORT_EMAIL . '">' . $sso::SUPPORT_EMAIL . '</a>'
+ );
+ ?></p>
+ </div>
+ <?php } ?>
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <div class="user-pass1-wrap">
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p class="intro">
+ <?php _e( 'Set your password and complete your WordPress.org Profile information.', 'wporg' ); ?>
+ </p>
+
+ <p class="login-login">
+ <label for="user_login"><?php _e( 'Username', 'wporg' ); ?></label>
+ <input type="text" disabled="disabled" class=" disabled" value="<?php echo esc_attr( $activation_user ); ?>" size="20" />
+ </p>
+
+ <div class="user-pass1-wrap">
</ins><span class="cx" style="display: block; padding: 0 10px"> <p>
</span><span class="cx" style="display: block; padding: 0 10px"> <label for="pass1"><?php _e( 'Password', 'wporg' ); ?></label>
</span><span class="cx" style="display: block; padding: 0 10px"> </p>
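Review bot: $sso::SUPPORT_EMAIL is printed into both the href and the link text without escaping, while the user email beside it goes through esc_html(). Wrap it in esc_attr() and esc_html() for consistency with the rest of the template. The intro, username and password fields are still rendered for an uncleared user even though the handler discards user_pass for them, so consider hiding them when the pending-approval message is shown. The translators comment describes a single %s, but the two concatenated strings each carry one.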
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -144,14 +179,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> </div>
</span><span class="cx" style="display: block; padding: 0 10px"> </div>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-<!-- <p class="description indicator-hint"><?php _e( 'Hint: The password should be at least twelve characters long. To make it stronger, use upper and lower case letters, numbers, and symbols like ! " ? $ % ^ & ).', 'wporg' ); ?></p> -->
-
</del><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px"> $fields = &$pending_user['meta'];
</span><span class="cx" style="display: block; padding: 0 10px"> include __DIR__ . '/partials/register-profilefields.php';
</span><span class="cx" style="display: block; padding: 0 10px"> ?>
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( $error_recapcha_status || $error_akismet ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( $error_recapcha_status ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> echo '<div class="message error"><p>' . __( 'Please try again.', 'wporg' ) . '</p></div>';
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> ?>
</span></span></pre></div>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginpendingprofilephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-profile.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-profile.php 2021-04-27 03:08:01 UTC (rev 10927)
+++ sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/pending-profile.php 2021-04-27 04:24:21 UTC (rev 10928)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -5,10 +5,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @package wporg-login
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+$sso = WPOrg_SSO::get_instance();
+
</ins><span class="cx" style="display: block; padding: 0 10px"> // Migrate to cookies.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-if ( !empty( WP_WPOrg_SSO::$matched_route_params['profile_user'] ) ) {
- setcookie( 'wporg_profile_user', WP_WPOrg_SSO::$matched_route_params['profile_user'], time()+DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
- setcookie( 'wporg_profile_key', WP_WPOrg_SSO::$matched_route_params['profile_key'], time()+DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+if ( !empty( $sso::$matched_route_params['profile_user'] ) ) {
+ setcookie( 'wporg_profile_user', $sso::$matched_route_params['profile_user'], time()+DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
+ setcookie( 'wporg_profile_key', $sso::$matched_route_params['profile_key'], time()+DAY_IN_SECONDS, '/register/', 'login.wordpress.org', true, true );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> wp_safe_redirect( '/register/create-profile' );
</span><span class="cx" style="display: block; padding: 0 10px"> die();
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -53,6 +55,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <div class="message info">
</span><span class="cx" style="display: block; padding: 0 10px"> <p><?php
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( $pending_user['cleared'] ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> printf(
</span><span class="cx" style="display: block; padding: 0 10px"> /* translators: %s Email address */
</span><span class="cx" style="display: block; padding: 0 10px"> __( 'Please check your email %s for a confirmation link to set your password.', 'wporg' ) . '<br>' .
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -60,11 +63,20 @@
</span><span class="cx" style="display: block; padding: 0 10px"> '<code>' . esc_html( $pending_user['user_email'] ) . '</code>',
</span><span class="cx" style="display: block; padding: 0 10px"> esc_attr( $pending_user['user_email'] )
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ } else {
+ printf(
+ /* translators: %s Email address */
+ __( 'Your account is pending approval. You will receive an email at %s to set your password when approved.', 'wporg' ) . '<br>' .
+ __( 'Please contact %s for more details.', 'wporg' ),
+ '<code>' . esc_html( $pending_user['user_email'] ) . '</code>',
+ '<a href="mailto:' . $sso::SUPPORT_EMAIL . '">' . $sso::SUPPORT_EMAIL . '</a>'
+ );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> ?></p>
</span><span class="cx" style="display: block; padding: 0 10px"> </div>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <p class="intro">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <?php _e( 'Complete your WordPress.org Profile information.', 'wporg' ); ?>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <?php _e( 'Complete your WordPress.org Profile information.', 'wporg' ); ?>
</ins><span class="cx" style="display: block; padding: 0 10px"> </p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> <p class="login-login">
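Review bot: The else branch repeats, string for string, the pending-approval printf() added to pending-create.php in this commit. Move it to a shared partial or helper so the two screens cannot drift apart, and escape $sso::SUPPORT_EMAIL there once.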
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -72,7 +84,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <input type="text" disabled="disabled" class=" disabled" value="<?php echo esc_attr( $profile_user ); ?>" size="20" />
</span><span class="cx" style="display: block; padding: 0 10px"> </p>
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px"> $fields = &$pending_user['meta'];
</span><span class="cx" style="display: block; padding: 0 10px"> include __DIR__ . '/partials/register-profilefields.php';
</span></span></pre></div>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentthemespubwporgloginregisterphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php 2021-04-27 03:08:01 UTC (rev 10927)
+++ sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/register.php 2021-04-27 04:24:21 UTC (rev 10928)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -14,7 +14,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $user_login = trim( WP_WPOrg_SSO::$matched_route_params['user'] );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-$error_user_login = $error_user_email = $error_recapcha_status = $error_akismet = $terms_of_service_error = false;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+$error_user_login = $error_user_email = $error_recapcha_status = $terms_of_service_error = false;
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( $_POST ) {
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $error_user_login = rest_do_request( new WP_REST_Request( 'GET', '/wporg/v1/username-available/' . $user_login ) );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -33,24 +33,20 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // handle user registrations.
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! $error_user_login && ! $error_user_email && ! $terms_of_service_error ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( ! wporg_login_check_recapcha_status( 'register' ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ $recaptcha = wporg_login_check_recapcha_status( 'register', false /* Allow low scores to pass through */ );
+
+ if ( ! $recaptcha ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> $error_recapcha_status = true;
</span><span class="cx" style="display: block; padding: 0 10px"> } else {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $akismet = wporg_login_check_akismet( $user_login, $user_email );
-
</del><span class="cx" style="display: block; padding: 0 10px"> $tos_meta_key = WPOrg_SSO::TOS_USER_META_KEY;
</span><span class="cx" style="display: block; padding: 0 10px"> $meta = [
</span><span class="cx" style="display: block; padding: 0 10px"> 'user_mailinglist' => $user_mailinglist,
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'akismet_result' => $akismet,
</del><span class="cx" style="display: block; padding: 0 10px"> $tos_meta_key => $terms_of_service,
</span><span class="cx" style="display: block; padding: 0 10px"> ];
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( 'spam' === $akismet ) {
- $error_akismet = true;
- } else {
- wporg_login_create_pending_user( $user_login, $user_email, $meta );
- die();
- }
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ wporg_login_create_pending_user( $user_login, $user_email, $meta );
+ die();
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
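Review bot: With the 'spam' === $akismet branch removed, wporg_login_create_pending_user() now runs for every submission that passes the non-score reCaptcha checks, so Akismet-flagged and low-score signups each leave a row in the pending table awaiting moderation. State in a comment or the commit message how uncleared rows are expired or purged, since wporg_delete_pending_user() is called in this change only from the manual admin action. The $recaptcha temporary is used once and could stay inline.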
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -122,7 +118,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> </label>
</span><span class="cx" style="display: block; padding: 0 10px"> </p>
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( $error_recapcha_status || $error_akismet ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( $error_recapcha_status ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> echo '<div class="message error"><p>' . __( 'Please try again.', 'wporg' ) . '</p></div>';
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> ?>
</span></span></pre>
</div>
</div>
</body>
</html>