mirror of
https://github.com/WordPress/five-for-the-future.git
synced 2025-07-01 16:51:18 +03:00
Process the email confirmation & resending emails actions on both shortcodes.
This commit is contained in:
Kelly Dwan
parent
34826c9e55
commit
df89df9e50
|
|
@ -15,6 +15,11 @@ defined( 'WPINC' ) || die();
|
|||
add_shortcode( '5ftf_pledge_form_new', __NAMESPACE__ . '\render_form_new' );
|
||||
add_shortcode( '5ftf_pledge_form_manage', __NAMESPACE__ . '\render_form_manage' );
|
||||
|
||||
// Short-circuit out of both shortcodes for shared functionality (confirming admin email, resending the pledge
|
||||
// confirmation email).
|
||||
add_filter( 'pre_do_shortcode_tag', __NAMESPACE__ . '\process_confirmed_email', 10, 2 );
|
||||
add_filter( 'pre_do_shortcode_tag', __NAMESPACE__ . '\process_resend_confirm_email', 10, 2 );
|
||||
|
||||
/**
|
||||
* Render the form(s) for creating new pledges.
|
||||
*
|
||||
|
|
@ -38,18 +43,6 @@ function render_form_new() {
|
|||
} elseif ( is_int( $pledge_id ) ) {
|
||||
$complete = true;
|
||||
}
|
||||
} elseif ( 'confirm_pledge_email' === $action ) {
|
||||
$view = 'form-pledge-confirm-email.php';
|
||||
$pledge_id = filter_input( INPUT_GET, 'pledge_id', FILTER_VALIDATE_INT );
|
||||
$unverified_token = filter_input( INPUT_GET, 'auth_token', FILTER_SANITIZE_STRING );
|
||||
$email_confirmed = process_pledge_confirmation_email( $pledge_id, $action, $unverified_token );
|
||||
$pledge = get_post( $pledge_id );
|
||||
|
||||
} elseif ( filter_input( INPUT_GET, 'resend_pledge_confirmation' ) ) {
|
||||
$pledge_id = filter_input( INPUT_GET, 'pledge_id', FILTER_VALIDATE_INT );
|
||||
$complete = true;
|
||||
|
||||
Email\send_pledge_confirmation_email( $pledge_id, get_post()->ID );
|
||||
}
|
||||
|
||||
ob_start();
|
||||
|
|
@ -106,44 +99,6 @@ function process_form_new() {
|
|||
return $new_pledge_id;
|
||||
}
|
||||
|
||||
/**
|
||||
* Process a request to confirm a company's email address.
|
||||
*
|
||||
* @param int $pledge_id
|
||||
* @param string $action
|
||||
* @param array $unverified_token
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
function process_pledge_confirmation_email( $pledge_id, $action, $unverified_token ) {
|
||||
$meta_key = PledgeMeta\META_PREFIX . 'pledge-email-confirmed';
|
||||
$already_confirmed = get_post( $pledge_id )->$meta_key;
|
||||
|
||||
if ( $already_confirmed ) {
|
||||
/*
|
||||
* If they refresh the page after confirming, they'd otherwise get an error because the token had been
|
||||
* used, and might be confused and think that the address wasn't confirmed.
|
||||
*
|
||||
* This leaks the fact that the address is confirmed, because it will return true even if the token is
|
||||
* invalid, but there aren't any security/privacy implications of that.
|
||||
*/
|
||||
return true;
|
||||
}
|
||||
|
||||
$email_confirmed = Auth\is_valid_authentication_token( $pledge_id, $action, $unverified_token );
|
||||
|
||||
if ( $email_confirmed ) {
|
||||
update_post_meta( $pledge_id, $meta_key, true );
|
||||
wp_update_post( array(
|
||||
'ID' => $pledge_id,
|
||||
'post_status' => 'publish',
|
||||
) );
|
||||
Email\send_contributor_confirmation_emails( $pledge_id );
|
||||
}
|
||||
|
||||
return $email_confirmed;
|
||||
}
|
||||
|
||||
/**
|
||||
* Render the form(s) for managing existing pledges.
|
||||
*
|
||||
|
|
@ -189,7 +144,7 @@ function render_form_manage() {
|
|||
$contributors = Contributor\get_pledge_contributors_data( $pledge_id );
|
||||
|
||||
ob_start();
|
||||
$readonly = false;
|
||||
$readonly = false;
|
||||
$is_manage = true;
|
||||
require FiveForTheFuture\PATH . 'views/form-pledge-manage.php';
|
||||
|
||||
|
|
@ -224,7 +179,7 @@ function process_form_manage( $pledge_id, $auth_token ) {
|
|||
}
|
||||
|
||||
$submission = get_form_submission();
|
||||
$has_error = check_invalid_submission( $submission, 'update' );
|
||||
$has_error = check_invalid_submission( $submission, 'update' );
|
||||
if ( $has_error ) {
|
||||
return $has_error;
|
||||
}
|
||||
|
|
@ -260,6 +215,96 @@ function process_form_manage( $pledge_id, $auth_token ) {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Process a request to confirm a company's email address.
|
||||
*
|
||||
* @param string|false $value Short-circuit return value.
|
||||
* @param string $tag Shortcode name.
|
||||
*
|
||||
* @return bool|string
|
||||
*/
|
||||
function process_confirmed_email( $value, $tag ) {
|
||||
if ( ! in_array( $tag, [ '5ftf_pledge_form_new', '5ftf_pledge_form_manage' ] ) ) {
|
||||
return $value;
|
||||
}
|
||||
|
||||
$action = sanitize_text_field( $_REQUEST['action'] ?? '' );
|
||||
if ( 'confirm_pledge_email' !== $action ) {
|
||||
return $value;
|
||||
}
|
||||
|
||||
$pledge_id = filter_input( INPUT_GET, 'pledge_id', FILTER_VALIDATE_INT );
|
||||
$auth_token = filter_input( INPUT_GET, 'auth_token', FILTER_SANITIZE_STRING );
|
||||
|
||||
$meta_key = PledgeMeta\META_PREFIX . 'pledge-email-confirmed';
|
||||
$already_confirmed = get_post( $pledge_id )->$meta_key;
|
||||
$email_confirmed = false;
|
||||
$is_new_pledge = '5ftf_pledge_form_new' === $tag;
|
||||
|
||||
if ( $already_confirmed ) {
|
||||
/*
|
||||
* If they refresh the page after confirming, they'd otherwise get an error because the token had been
|
||||
* used, and might be confused and think that the address wasn't confirmed.
|
||||
*
|
||||
* This leaks the fact that the address is confirmed, because it will return true even if the token is
|
||||
* invalid, but there aren't any security/privacy implications of that.
|
||||
*/
|
||||
$email_confirmed = true;
|
||||
}
|
||||
|
||||
$email_confirmed = Auth\is_valid_authentication_token( $pledge_id, $action, $auth_token );
|
||||
|
||||
if ( $email_confirmed ) {
|
||||
update_post_meta( $pledge_id, $meta_key, true );
|
||||
wp_update_post( array(
|
||||
'ID' => $pledge_id,
|
||||
'post_status' => 'publish',
|
||||
) );
|
||||
if ( $is_new_pledge ) {
|
||||
Email\send_contributor_confirmation_emails( $pledge_id );
|
||||
}
|
||||
}
|
||||
|
||||
ob_start();
|
||||
$directory_url = home_url( 'pledges' );
|
||||
$pledge = get_post( $pledge_id );
|
||||
require FiveForTheFuture\get_views_path() . 'form-pledge-confirm-email.php';
|
||||
return ob_get_clean();
|
||||
}
|
||||
|
||||
/**
|
||||
* Process a request to resed a company's confirmation email.
|
||||
*
|
||||
* @param string|false $value Short-circuit return value.
|
||||
* @param string $tag Shortcode name.
|
||||
*
|
||||
* @return bool|string
|
||||
*/
|
||||
function process_resend_confirm_email( $value, $tag ) {
|
||||
if ( ! in_array( $tag, [ '5ftf_pledge_form_new', '5ftf_pledge_form_manage' ] ) ) {
|
||||
return $value;
|
||||
}
|
||||
|
||||
$action = sanitize_text_field( $_REQUEST['action'] ?? '' );
|
||||
if ( 'resend_pledge_confirmation' !== $action ) {
|
||||
return $value;
|
||||
}
|
||||
|
||||
$pledge_id = filter_input( INPUT_GET, 'pledge_id', FILTER_VALIDATE_INT );
|
||||
Email\send_pledge_confirmation_email( $pledge_id, get_post()->ID );
|
||||
|
||||
$messages = array(
|
||||
sprintf(
|
||||
__( 'We’ve emailed you a new link to confirm your address for %s.', 'wporg-5ftf' ),
|
||||
get_the_title( $pledge_id )
|
||||
),
|
||||
);
|
||||
|
||||
ob_start();
|
||||
require FiveForTheFuture\get_views_path() . 'partial-result-messages.php';
|
||||
return ob_get_clean();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get and sanitize $_POST values from a form submission.
|
||||
*
|
||||
|
|
@ -278,7 +323,7 @@ function get_form_submission() {
|
|||
|
||||
$result = filter_input_array( INPUT_POST, $input_filters );
|
||||
if ( ! $result ) {
|
||||
$result = array_fill_keys( array_keys( $input_filters ), '' );
|
||||
$result = array_fill_keys( array_keys( $input_filters ), '' );
|
||||
$result['empty_post'] = true;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -4,8 +4,9 @@ namespace WordPressDotOrg\FiveForTheFuture\View;
|
|||
use WP_Post;
|
||||
|
||||
/**
|
||||
* @var bool $email_confirmed
|
||||
* @var string $directory_url
|
||||
* @var bool $email_confirmed
|
||||
* @var bool $is_new_pledge
|
||||
* @var int $pledge_id
|
||||
* @var WP_Post|null $pledge
|
||||
*/
|
||||
|
|
@ -16,10 +17,17 @@ use WP_Post;
|
|||
<div class="notice notice-success notice-alt">
|
||||
<p>
|
||||
<?php
|
||||
printf(
|
||||
wp_kses_post( __( 'Thank you for confirming your address! We’ve emailed confirmation links to the contributors you mentioned, and your pledge will show up in <a href=\"%s\">the directory</a> once one contributor confirms their participation.', 'wporg-5ftf' ) ),
|
||||
esc_url( $directory_url )
|
||||
);
|
||||
if ( $is_new_pledge ) {
|
||||
printf(
|
||||
wp_kses_post( __( 'Thank you for confirming your address! We’ve emailed confirmation links to the contributors you mentioned, and your pledge will show up in <a href=\"%s\">the directory</a> once one contributor confirms their participation.', 'wporg-5ftf' ) ),
|
||||
esc_url( $directory_url )
|
||||
);
|
||||
} else {
|
||||
printf(
|
||||
wp_kses_post( __( 'Thank you for confirming your address! If you have confirmed contributors, your pledge is visible in <a href=\"%s\">the directory</a> again. Otherwise, your pledge wiill show up once one contributor confirms their participation.', 'wporg-5ftf' ) ),
|
||||
esc_url( $directory_url )
|
||||
);
|
||||
}
|
||||
?>
|
||||
</p>
|
||||
|
||||
|
|
@ -54,11 +62,11 @@ use WP_Post;
|
|||
|
||||
<form action="" method="get">
|
||||
<input type="hidden" name="pledge_id" value="<?php echo esc_attr( $pledge_id ); ?>" />
|
||||
<input type="hidden" name="action" value="resend_pledge_confirmation" />
|
||||
|
||||
<p>
|
||||
<input
|
||||
type="submit"
|
||||
name="resend_pledge_confirmation"
|
||||
value="Resend Confirmation"
|
||||
/>
|
||||
</p>
|
||||
|
|
|
|||
Loading…
Reference in a new issue