[wp-trac] [WordPress Trac] #63490: Non secure sudomain site url in site activation email
WordPress Trac
noreply at wordpress.org
Tue Jan 27 15:49:02 UTC 2026
#63490: Non secure sudomain site url in site activation email
-------------------------------------+------------------------------
Reporter: umesh.nevase | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 6.8
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------------
Comment (by ozgursar):
== Reproduction Report
=== Environment
- WordPress: 7.0-alpha-61534
- PHP: 8.3.30
- Server: PHP.wasm
- Database: WP_SQLite_Driver (Server: 8.0.38 / Client: 3.51.0)
- Browser: Chrome 144.0.0.0
- OS: macOS
- Theme: Twenty Twenty-Five 1.4
- MU Plugins:
* Network Email Logger
- Plugins:
* Test Reports 1.2.1
=== Steps taken
1. Enabled Network site settings for `Both site and user registration`
2. Install a mu-plugin to check email-logs within the dashboard
3. Create /wp-content/mu-plugins/email-logger.php with the following
content
{{{
<?php
/**
* Plugin Name: Network Email Logger
* Description: Logs all emails sent across the network
* Network: true
*/
// Log all emails
add_filter('wp_mail', 'network_log_wp_mail', 999);
function network_log_wp_mail($args) {
// Store in network option (available across all sites)
$emails = get_site_option('network_emails_log', array());
$email_data = array(
'time' => current_time('mysql'),
'to' => $args['to'],
'subject' => $args['subject'],
'message' => $args['message'],
'headers' => $args['headers'] ?? '',
'site_id' => get_current_blog_id(),
);
// Keep last 50 emails
array_unshift($emails, $email_data);
$emails = array_slice($emails, 0, 50);
update_site_option('network_emails_log', $emails);
return $args;
}
// Add Network Admin menu to view emails
add_action('network_admin_menu', 'network_email_log_menu');
function network_email_log_menu() {
add_menu_page(
'Email Log',
'Email Log',
'manage_network',
'network-email-log',
'network_email_log_page',
'dashicons-email'
);
}
function network_email_log_page() {
$emails = get_site_option('network_emails_log', array());
echo '<div class="wrap">';
echo '<h1>Network Email Log</h1>';
if (isset($_POST['clear_log'])) {
delete_site_option('network_emails_log');
echo '<div class="notice notice-success"><p>Email log
cleared!</p></div>';
$emails = array();
}
echo '<form method="post" style="margin-bottom: 20px;">';
echo '<input type="submit" name="clear_log" class="button"
value="Clear Log">';
echo '</form>';
if (empty($emails)) {
echo '<p>No emails logged yet.</p>';
} else {
foreach ($emails as $email) {
echo '<div style="border: 1px solid #ccc; padding: 15px;
margin-bottom: 20px; background: #f9f9f9;">';
echo '<p><strong>Time:</strong> ' . esc_html($email['time']) .
'</p>';
echo '<p><strong>Site ID:</strong> ' .
esc_html($email['site_id']) . '</p>';
echo '<p><strong>To:</strong> ' .
esc_html(is_array($email['to']) ? implode(', ', $email['to']) :
$email['to']) . '</p>';
echo '<p><strong>Subject:</strong> ' .
esc_html($email['subject']) . '</p>';
echo '<p><strong>Message:</strong></p>';
echo '<pre style="background: white; padding: 10px;
overflow-x: auto;">' . esc_html($email['message']) . '</pre>';
echo '</div>';
}
}
echo '</div>';
}
}}}
4. Add a new site (subdomain)
5. Check email logs
6. 🐞 Bug occurs
=== Expected behavior
- Insecure URLs are present in the email logs.
=== Screenshots/Screencast with results
[[Image(https://i.imgur.com/VTLmtSs.png)]]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63490#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list