[wp-trac] [WordPress Trac] #25350: Make URL parameter for activation key parameter filterable
WordPress Trac
noreply at wordpress.org
Wed Sep 18 22:42:50 UTC 2013
#25350: Make URL parameter for activation key parameter filterable
--------------------------+-----------------------------
Reporter: boonebgorges | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Multisite | Version:
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+-----------------------------
Comment (by boonebgorges):
https://www.youtube.com/watch?v=qileP4bAzek sums up the situation pretty
well.
> It does look like line 61 and 76 in wp-activate.php should be $_GET[
$key_param], no?
Oops, my bad. See 25350.02.patch.
> We could expand this to filter both they key and the URL, but key seems
most important now.
Yeah, that's a good idea, though not central to the bug in this ticket.
> In addition to the filter, it would make sense to change the default
parameter name to something that Office 365 does let through.
The problem with changing the default parameter is that it'll probably
break a fair number of sites. Some plugins (like BuddyPress) and probably
many more standalone installations use the
`'wpmu_signup_blog_notification_email'` and
`'wpmu_signup_user_notification_email'` to modify the default content of
the activation email. It's likely that in many of these cases, the
activation link is being built using the hardcoded string 'key'. I suppose
we could do something like 25350.03.patch, which would continue to support
the 'key' param where it's currently in use.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25350#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list