author | Dries Buytaert <dries@buytaert.net> | 2010-01-29 13:50:14 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2010-01-29 13:50:14 +0000 |
commit | 212a5e08adf2de7ae43241086a1bdf59e00d3f3e (patch) | |
tree | 2eb50d872b81e1b831f974276741973458028fbd | |
parent | 6ad8b01a0f23573913698e5bf2465006491afa26 (diff) | |
- Patch #660302 by reglogge, samhassell, agentrickard, jhodgdon: registration e-mails should not contain passwords.
-rw-r--r-- | modules/user/user.admin.inc | 34 | ||||
-rw-r--r-- | modules/user/user.module | 133 | ||||
-rw-r--r-- | modules/user/user.test | 4 |
3 files changed, 87 insertions, 84 deletions
diff --git a/modules/user/user.admin.inc b/modules/user/user.admin.inc
index 46a5ab1fe..bbce9b62b 100644
--- a/modules/user/user.admin.inc
+++ b/modules/user/user.admin.inc
@@ -423,7 +423,7 @@ function user_admin_settings() {
 );
 // These email tokens are shared for all settings, so just define
 // the list once to help ensure they stay in sync.
- $email_token_help = t('Available variables are:') . ' [site:name], [site:url], [user:name], [user:mail], [site:login-url], [user:edit-url], [user:password], [user:one-time-login-url], [user:cancel-url].';
+ $email_token_help = t('You can use the following tokens in your e-mail message text: !site-name-token, !site-url-token, !user-name-token, !user-mail-token, !site-login-url-token, !user-edit-url-token, !user-one-time-login-url-token, !user-cancel-url-token', array('!site-name-token' => '[site:name]', '!site-url-token' => '[site:url]', '!user-name-token' => '[user:name]', '!user-mail-token' => '[user:mail]', '!site-login-url-token' => '[site:login-url]', '!user-edit-url-token' => '[user:edit-url]', '!user-one-time-login-url-token' => '[user:one-time-login-url]', '!user-cancel-url-token' => '[user:cancel-url]'));
 $form['email_admin_created'] = array(
 '#type' => 'fieldset',
@@ -436,13 +436,13 @@ function user_admin_settings() {
 $form['email_admin_created']['user_mail_register_admin_created_subject'] = array(
 '#type' => 'textfield',
 '#title' => t('Subject'),
- '#default_value' => _user_mail_text('register_admin_created_subject'),
+ '#default_value' => _user_mail_text('register_admin_created_subject', NULL, array(), FALSE),
 '#maxlength' => 180,
 );
 $form['email_admin_created']['user_mail_register_admin_created_body'] = array(
 '#type' => 'textarea',
 '#title' => t('Body'),
- '#default_value' => _user_mail_text('register_admin_created_body'),
+ '#default_value' => _user_mail_text('register_admin_created_body', NULL, array(), FALSE),
 '#rows' => 15,
 );
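Review bot: The `FALSE` appended to each `_user_mail_text()` call in the -436 hunk is an unexplained positional boolean sitting behind two filler defaults (`NULL, array()`), and the same call is repeated for every subject and body field in this file; a one-line comment above the first fieldset, `// Pass $replace = FALSE so the form shows the stored template with its tokens intact, not a rendered e-mail.`, would make the intent readable at each site, or a small wrapper such as `_user_mail_text_raw($key)` would remove the repetition. The help text in the -423 hunk stops advertising `[user:password]`, but nothing in `user_admin_settings()` inspects what administrators have already saved, so a site whose custom template still contains `[user:password]` will keep that token in its `user_mail_*` variable; an `#element_validate` handler on the body textareas that rejects `[user:password]` would at least catch it the next time the form is saved. `user_admin_settings()` begins and ends outside these hunks.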
@@ -457,13 +457,13 @@ function user_admin_settings() {
 $form['email_pending_approval']['user_mail_register_pending_approval_subject'] = array(
 '#type' => 'textfield',
 '#title' => t('Subject'),
- '#default_value' => _user_mail_text('register_pending_approval_subject'),
+ '#default_value' => _user_mail_text('register_pending_approval_subject', NULL, array(), FALSE),
 '#maxlength' => 180,
 );
 $form['email_pending_approval']['user_mail_register_pending_approval_body'] = array(
 '#type' => 'textarea',
 '#title' => t('Body'),
- '#default_value' => _user_mail_text('register_pending_approval_body'),
+ '#default_value' => _user_mail_text('register_pending_approval_body', NULL, array(), FALSE),
 '#rows' => 8,
 );
@@ -478,13 +478,13 @@ function user_admin_settings() {
 $form['email_no_approval_required']['user_mail_register_no_approval_required_subject'] = array(
 '#type' => 'textfield',
 '#title' => t('Subject'),
- '#default_value' => _user_mail_text('register_no_approval_required_subject'),
+ '#default_value' => _user_mail_text('register_no_approval_required_subject', NULL, array(), FALSE),
 '#maxlength' => 180,
 );
 $form['email_no_approval_required']['user_mail_register_no_approval_required_body'] = array(
 '#type' => 'textarea',
 '#title' => t('Body'),
- '#default_value' => _user_mail_text('register_no_approval_required_body'),
+ '#default_value' => _user_mail_text('register_no_approval_required_body', NULL, array(), FALSE),
 '#rows' => 15,
 );
@@ -500,13 +500,13 @@ function user_admin_settings() {
 $form['email_password_reset']['user_mail_password_reset_subject'] = array(
 '#type' => 'textfield',
 '#title' => t('Subject'),
- '#default_value' => _user_mail_text('password_reset_subject'),
+ '#default_value' => _user_mail_text('password_reset_subject', NULL, array(), FALSE),
 '#maxlength' => 180,
 );
 $form['email_password_reset']['user_mail_password_reset_body'] = array(
 '#type' => 'textarea',
 '#title' => t('Body'),
- '#default_value' => _user_mail_text('password_reset_body'),
+ '#default_value' => _user_mail_text('password_reset_body', NULL, array(), FALSE),
 '#rows' => 12,
 );
@@ -535,13 +535,13 @@ function user_admin_settings() {
 $form['email_activated']['settings']['user_mail_status_activated_subject'] = array(
 '#type' => 'textfield',
 '#title' => t('Subject'),
- '#default_value' => _user_mail_text('status_activated_subject'),
+ '#default_value' => _user_mail_text('status_activated_subject', NULL, array(), FALSE),
 '#maxlength' => 180,
 );
 $form['email_activated']['settings']['user_mail_status_activated_body'] = array(
 '#type' => 'textarea',
 '#title' => t('Body'),
- '#default_value' => _user_mail_text('status_activated_body'),
+ '#default_value' => _user_mail_text('status_activated_body', NULL, array(), FALSE),
 '#rows' => 15,
 );
@@ -570,13 +570,13 @@ function user_admin_settings() {
 $form['email_blocked']['settings']['user_mail_status_blocked_subject'] = array(
 '#type' => 'textfield',
 '#title' => t('Subject'),
- '#default_value' => _user_mail_text('status_blocked_subject'),
+ '#default_value' => _user_mail_text('status_blocked_subject', NULL, array(), FALSE),
 '#maxlength' => 180,
 );
 $form['email_blocked']['settings']['user_mail_status_blocked_body'] = array(
 '#type' => 'textarea',
 '#title' => t('Body'),
- '#default_value' => _user_mail_text('status_blocked_body'),
+ '#default_value' => _user_mail_text('status_blocked_body', NULL, array(), FALSE),
 '#rows' => 3,
 );
@@ -591,13 +591,13 @@ function user_admin_settings() {
 $form['email_cancel_confirm']['user_mail_cancel_confirm_subject'] = array(
 '#type' => 'textfield',
 '#title' => t('Subject'),
- '#default_value' => _user_mail_text('cancel_confirm_subject'),
+ '#default_value' => _user_mail_text('cancel_confirm_subject', NULL, array(), FALSE),
 '#maxlength' => 180,
 );
 $form['email_cancel_confirm']['user_mail_cancel_confirm_body'] = array(
 '#type' => 'textarea',
 '#title' => t('Body'),
- '#default_value' => _user_mail_text('cancel_confirm_body'),
+ '#default_value' => _user_mail_text('cancel_confirm_body', NULL, array(), FALSE),
 '#rows' => 3,
 );
@@ -626,13 +626,13 @@ function user_admin_settings() {
 $form['email_canceled']['settings']['user_mail_status_canceled_subject'] = array(
 '#type' => 'textfield',
 '#title' => t('Subject'),
- '#default_value' => _user_mail_text('status_canceled_subject'),
+ '#default_value' => _user_mail_text('status_canceled_subject', NULL, array(), FALSE),
 '#maxlength' => 180,
 );
 $form['email_canceled']['settings']['user_mail_status_canceled_body'] = array(
 '#type' => 'textarea',
 '#title' => t('Body'),
- '#default_value' => _user_mail_text('status_canceled_body'),
+ '#default_value' => _user_mail_text('status_canceled_body', NULL, array(), FALSE),
 '#rows' => 3,
 );
diff --git a/modules/user/user.module b/modules/user/user.module
index 3c90fbb87..ba935046c 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -2236,7 +2236,7 @@ function user_mail($key, &$message, $params) {
 *
 * Used by user_mail() and the settings forms to retrieve strings.
 */
-function _user_mail_text($key, $language = NULL, $variables = array()) {
+function _user_mail_text($key, $language = NULL, $variables = array(), $replace = TRUE) {
 $langcode = isset($language) ? $language->language : NULL;
 if ($admin_setting = variable_get('user_mail_' . $key, FALSE)) {
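Review bot: The new `$replace` parameter added to `_user_mail_text()` in the -2236 hunk is undocumented; the docblock directly above it still says only `* Used by user_mail() and the settings forms to retrieve strings.` and has no parameter list at all. Add a `@param $replace` entry stating that it defaults to TRUE, that tokens in the returned text are replaced through `token_replace()` only when it is TRUE, and that the settings forms pass FALSE to get the stored template with its tokens intact; while there, `$key`, `$language` and `$variables` deserve one-line `@param` entries too, since the function now has four parameters and a non-obvious boolean. The body of `_user_mail_text()` continues past this hunk.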
@@ -2247,143 +2247,150 @@ function _user_mail_text($key, $language = NULL, $variables = array()) { // No override, return default string. switch ($key) { case 'register_no_approval_required_subject': - $text = t('Account details for [user:name] at [site:name]', array(), array('langcode' => $langcode)); + $text = t('Account details for !user-name-token at !site-name-token', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; case 'register_no_approval_required_body': - $text = t("[user:name], + $text = t("!user-name-token, -Thank you for registering at [site:name]. You may now log in to [site:login-url] using the following username and password: +Thank you for registering at !site-name-token. You may now log in by clicking this link or copying and pasting it to your browser: -username: [user:name] -password: [user:password] +!one-time-login-token -You may also log in by clicking on this link or copying and pasting it in your browser: +This link can only be used once to log in and will lead you to a page where you can set your password. -[user:one-time-login-url] +After setting your password, you will be able to log in at !site-login-url-token in the future using: -This is a one-time login, so it can be used only once. +username: !user-name-token +password: Your password -After logging in, you will be redirected to [user:edit-url] so you can change your password. 
- - --- [site:name] team", array(), array('langcode' => $langcode)); +-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]', '!one-time-login-token' => '[user:one-time-login-url]', '!site-login-url-token' => '[site:login-url]'), array('langcode' => $langcode)); break; case 'register_admin_created_subject': - $text = t('An administrator created an account for you at [site:name]', array(), array('langcode' => $langcode)); + $text = t('An administrator created an account for you at !site-name-token', array('!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; case 'register_admin_created_body': - $text = t("[user:name], - -A site administrator at [site:name] has created an account for you. You may now log in to [site:login-url] using the following username and password: + $text = t("!user-name-token, -username: [user:name] -password: [user:password] +A site administrator at !site-name-token has created an account for you. You may now log in by clicking this link or copying and pasting it to your browser: -You may also log in by clicking on this link or copying and pasting it in your browser: +!one-time-login-token -[user:one-time-login-url] +This link can only be used once to log in and will lead you to a page where you can set your password. -This is a one-time login, so it can be used only once. +After setting your password, you will be able to log in at !site-login-url-token in the future using: -After logging in, you will be redirected to [user:edit-url] so you can change your password. 
+username: !user-name-token +password: Your password - --- [site:name] team", array(), array('langcode' => $langcode)); +-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]', '!one-time-login-token' => '[user:one-time-login-url]', '!site-login-url-token' => '[site:login-url]'), array('langcode' => $langcode)); break; case 'register_pending_approval_subject': case 'register_pending_approval_admin_subject': - $text = t('Account details for [user:name] at [site:name] (pending admin approval)', array(), array('langcode' => $langcode)); + $text = t('Account details for !user-name-token at !site-name-token (pending admin approval)', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; case 'register_pending_approval_body': - $text = t("[user:name], + $text = t("!user-name-token, -Thank you for registering at [site:name]. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details. +Thank you for registering at !site-name-token. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details. --- [site:name] team", array(), array('langcode' => $langcode)); +-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; case 'register_pending_approval_admin_body': - $text = t("[user:name] has applied for an account. + $text = t("!user-name-token has applied for an account. 
-[user:edit-url]", array(), array('langcode' => $langcode)); +!user-edit-url-token", array('!user-name-token' => '[user:name]', '!user-edit-url-token' => '[user:edit-url]'), array('langcode' => $langcode)); break; case 'password_reset_subject': - $text = t('Replacement login information for [user:name] at [site:name]', array(), array('langcode' => $langcode)); + $text = t('Replacement login information for !user-name-token at !site-name-token', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; case 'password_reset_body': - $text = t("[user:name], + $text = t("!user-name-token, -A request to reset the password for your account has been made at [site:name]. +A request to reset the password for your account has been made at !site-name-token. -You may now log in to [site:uri-brief] by clicking on this link or copying and pasting it in your browser: +You may now log in by clicking this link or copying and pasting it to your browser: -[user:one-time-login-url] +!one-time-login-token -This is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used. +This link can only be used once to log in and will lead you to a page where you can set your password. It expires after one day and nothing will happen if it's not used. 
-After logging in, you will be redirected to [user:edit-url] so you can change your password.", array(), array('langcode' => $langcode)); +-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]', '!one-time-login-token' => '[user:one-time-login-url]'), array('langcode' => $langcode)); break; case 'status_activated_subject': - $text = t('Account details for [user:name] at [site:name] (approved)', array(), array('langcode' => $langcode)); + $text = t('Account details for !user-name-token at !site-name-token (approved)', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; case 'status_activated_body': - $text = t("[user:name], + $text = t("!user-name-token, -Your account at [site:name] has been activated. +Your account at !site-name-token has been activated. -You may now log in by clicking on this link or copying and pasting it in your browser: +You may now log in by clicking this link or copying and pasting it into your browser: -[site:login-url] +!site-login-url-token -This is a one-time login, so it can be used only once. +This link can only be used once to log in and will lead you to a page where you can set your password. -After logging in, you will be redirected to [user:edit-url] so you can change your password. 
+After setting your password, you will be able to log in at !site-login-url-token in the future using: -Once you have set your own password, you will be able to log in to [site:login-url] in the future using: +username: !user-name-token +password: Your password -username: [user:name]", array(), array('langcode' => $langcode)); +-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]', '!site-login-url-token' => '[site:login-url]'), array('langcode' => $langcode)); break; case 'status_blocked_subject': - $text = t('Account details for [user:name] at [site:name] (blocked)', array(), array('langcode' => $langcode)); + $text = t('Account details for !user-name-token at !site-name-token (blocked)', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; case 'status_blocked_body': - $text = t("[user:name],\n\nYour account on [site:name] has been blocked.", array(), array('langcode' => $langcode)); + $text = t("!user-name-token, + +Your account on !site-name-token has been blocked. + +-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; case 'cancel_confirm_subject': - $text = t('Account cancellation request for [user:name] at [site:name]', array(), array('langcode' => $langcode)); + $text = t('Account cancellation request for !user-name-token at !site-name-token', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; case 'cancel_confirm_body': - $text = t("[user:name], + $text = t("!user-name-token, -A request to cancel your account has been made at [site:name]. +A request to cancel your account has been made at !site-name-token. 
-You may now cancel your account on [site:url-brief] by clicking this link or copying and pasting it into your browser: +You may now cancel your account on !site-url-brief-token by clicking this link or copying and pasting it into your browser: -[user:cancel-url] +!user-cancel-url-token NOTE: The cancellation of your account is not reversible. -This link expires in one day and nothing will happen if it is not used.", array(), array('langcode' => $langcode)); +This link expires in one day and nothing will happen if it is not used. + +-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]', '!site-url-brief-token' => '[site:url-brief]', '!user-cancel-url-token' => '[user:cancel-url]'), array('langcode' => $langcode)); break; case 'status_canceled_subject': - $text = t('Account details for [user:name] at [site:name] (canceled)', array(), array('langcode' => $langcode)); + $text = t('Account details for !user-name-token at !site-name-token (canceled)', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; case 'status_canceled_body': - $text = t("[user:name], + $text = t("!user-name-token, -Your account on [site:name] has been canceled.", array(), array('langcode' => $langcode)); +Your account on !site-name-token has been canceled. + +-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode)); break; } } - return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens')); + if ($replace) { + return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens')); + } + + return $text; } /** 
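Review bot: The new `status_activated_body` default tells the recipient that `!site-login-url-token` "can only be used once to log in and will lead you to a page where you can set your password", but that placeholder is mapped to `[site:login-url]` in its replacement array, which is the ordinary login page, not a one-time link; the other templates in this hunk use `!one-time-login-token` mapped to `[user:one-time-login-url]` for exactly this sentence. Change the link line to `!one-time-login-token` and add `'!one-time-login-token' => '[user:one-time-login-url]'` to that template's placeholder array, leaving `!site-login-url-token` for the later "you will be able to log in at ... in the future" sentence. As written, an account activated from pending approval receives a link that neither logs the user in nor offers a place to set a password, and whether such an account already has a usable password depends on registration settings that are not visible here. `_user_mail_text()`'s signature is in the preceding hunk.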
@@ -2395,10 +2402,6 @@ function user_mail_tokens(&$replacements, $data, $options) {
 if (isset($data['user'])) {
 $replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user']);
 $replacements['[user:cancel-url]'] = user_cancel_url($data['user']);
-
- if (isset($data['user']->password) && !empty($data['user']->password)) {
- $replacements['[user:password]'] = $data['user']->password;
- }
 }
 }
@@ -3289,10 +3292,10 @@ function user_register_submit($form, &$form_state) {
 $op = $notify ? 'register_admin_created' : 'register_no_approval_required';
 _user_mail_notify($op, $account);
 if ($notify) {
- drupal_set_message(t('Password and further instructions have been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
+ drupal_set_message(t('A welcome message with further instructions has been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
 }
 else {
- drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
+ drupal_set_message(t('A welcome message with further instructions has been sent to your e-mail address.'));
 $form_state['redirect'] = '';
 }
 }
diff --git a/modules/user/user.test b/modules/user/user.test
index cc1c075b3..72a4c9a00 100644
--- a/modules/user/user.test
+++ b/modules/user/user.test
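Review bot: Dropping the `[user:password]` replacement from `user_mail_tokens()` without any migration means sites whose administrators customised a `user_mail_*` template with that token will now send the literal text `[user:password]` to users, since the `token_replace()` call at the end of `_user_mail_text()` (previous hunk) passes no `clear` option and presumably leaves unknown tokens in place. This commit needs a companion `hook_update_N` in user.install that loads each `user_mail_*` variable, and where the body or subject contains `[user:password]` either strips the token or `variable_del()`s the override so the new password-free default applies, logging a watchdog notice so the administrator knows to review the template. Separately, the plaintext `$data['user']->password` property that fed this token is only no longer read here; whether the registration path still attaches the plaintext password to the account object, where logging or serialization could pick it up, is not visible in this hunk and is worth confirming. `user_mail_tokens()` opens in the hunk header line, and `user_register_submit()` begins outside the second hunk.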
@@ -25,7 +25,7 @@ class UserRegistrationTestCase extends DrupalWebTestCase {
 $edit['name'] = $name = $this->randomName();
 $edit['mail'] = $mail = $edit['name'] . '@example.com';
 $this->drupalPost('user/register', $edit, t('Create new account'));
- $this->assertText(t('Your password and further instructions have been sent to your e-mail address.'), t('User registered successfully.'));
+ $this->assertText(t('A welcome message with further instructions has been sent to your e-mail address.'), t('User registered successfully.'));
 $accounts = user_load_multiple(array(), array('name' => $name, 'mail' => $mail));
 $new_user = reset($accounts);
 $this->assertTrue($new_user->status, t('New account is active after registration.'));
@@ -1350,7 +1350,7 @@ class UserCreateTestCase extends DrupalWebTestCase {
 $this->drupalPost('admin/people/create', $edit, t('Create new account'));
 if ($notify) {
- $this->assertText(t('Password and further instructions have been e-mailed to the new user @name.', array('@name' => $edit['name'])), 'User created');
+ $this->assertText(t('A welcome message with further instructions has been e-mailed to the new user @name.', array('@name' => $edit['name'])), 'User created');
 $this->assertEqual(count($this->drupalGetMails()), 1, 'Notification e-mail sent');
 }
 else {
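Review bot: The test changes only track the new status-message wording; neither hunk asserts the property this commit exists for, that the notification e-mail no longer carries the password. In the `UserCreateTestCase` hunk the mail is already fetched via `$this->drupalGetMails()`, so after the count assertion add `$mails = $this->drupalGetMails();`, `$this->assertFalse(strpos($mails[0]['body'], $password), 'Notification e-mail does not contain the password.');` and `$this->assertTrue(strpos($mails[0]['body'], 'user/reset/') !== FALSE, 'Notification e-mail contains a one-time login link.');`, where `$password` is whatever value `$edit` submits for the password field (set up outside this hunk) and the `user/reset/` check assumes `user_pass_reset_url()` still produces that path. Without such an assertion a future template edit could reintroduce `[user:password]` and the suite would stay green. Both test methods begin outside their hunks.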