Commit 212a5e08 authored by Dries's avatar Dries

- Patch #660302 by reglogge, samhassell, agentrickard, jhodgdon: registration...

- Patch #660302 by reglogge, samhassell, agentrickard, jhodgdon: registration e-mails should not contain passwords.
parent 6ad8b01a
......@@ -423,7 +423,7 @@ function user_admin_settings() {
);
// These email tokens are shared for all settings, so just define
// the list once to help ensure they stay in sync.
$email_token_help = t('Available variables are:') . ' [site:name], [site:url], [user:name], [user:mail], [site:login-url], [user:edit-url], [user:password], [user:one-time-login-url], [user:cancel-url].';
$email_token_help = t('You can use the following tokens in your e-mail message text: !site-name-token, !site-url-token, !user-name-token, !user-mail-token, !site-login-url-token, !user-edit-url-token, !user-one-time-login-url-token, !user-cancel-url-token', array('!site-name-token' => '[site:name]', '!site-url-token' => '[site:url]', '!user-name-token' => '[user:name]', '!user-mail-token' => '[user:mail]', '!site-login-url-token' => '[site:login-url]', '!user-edit-url-token' => '[user:edit-url]', '!user-one-time-login-url-token' => '[user:one-time-login-url]', '!user-cancel-url-token' => '[user:cancel-url]'));
$form['email_admin_created'] = array(
'#type' => 'fieldset',
......@@ -436,13 +436,13 @@ function user_admin_settings() {
$form['email_admin_created']['user_mail_register_admin_created_subject'] = array(
'#type' => 'textfield',
'#title' => t('Subject'),
'#default_value' => _user_mail_text('register_admin_created_subject'),
'#default_value' => _user_mail_text('register_admin_created_subject', NULL, array(), FALSE),
'#maxlength' => 180,
);
$form['email_admin_created']['user_mail_register_admin_created_body'] = array(
'#type' => 'textarea',
'#title' => t('Body'),
'#default_value' => _user_mail_text('register_admin_created_body'),
'#default_value' => _user_mail_text('register_admin_created_body', NULL, array(), FALSE),
'#rows' => 15,
);
......@@ -457,13 +457,13 @@ function user_admin_settings() {
$form['email_pending_approval']['user_mail_register_pending_approval_subject'] = array(
'#type' => 'textfield',
'#title' => t('Subject'),
'#default_value' => _user_mail_text('register_pending_approval_subject'),
'#default_value' => _user_mail_text('register_pending_approval_subject', NULL, array(), FALSE),
'#maxlength' => 180,
);
$form['email_pending_approval']['user_mail_register_pending_approval_body'] = array(
'#type' => 'textarea',
'#title' => t('Body'),
'#default_value' => _user_mail_text('register_pending_approval_body'),
'#default_value' => _user_mail_text('register_pending_approval_body', NULL, array(), FALSE),
'#rows' => 8,
);
......@@ -478,13 +478,13 @@ function user_admin_settings() {
$form['email_no_approval_required']['user_mail_register_no_approval_required_subject'] = array(
'#type' => 'textfield',
'#title' => t('Subject'),
'#default_value' => _user_mail_text('register_no_approval_required_subject'),
'#default_value' => _user_mail_text('register_no_approval_required_subject', NULL, array(), FALSE),
'#maxlength' => 180,
);
$form['email_no_approval_required']['user_mail_register_no_approval_required_body'] = array(
'#type' => 'textarea',
'#title' => t('Body'),
'#default_value' => _user_mail_text('register_no_approval_required_body'),
'#default_value' => _user_mail_text('register_no_approval_required_body', NULL, array(), FALSE),
'#rows' => 15,
);
......@@ -500,13 +500,13 @@ function user_admin_settings() {
$form['email_password_reset']['user_mail_password_reset_subject'] = array(
'#type' => 'textfield',
'#title' => t('Subject'),
'#default_value' => _user_mail_text('password_reset_subject'),
'#default_value' => _user_mail_text('password_reset_subject', NULL, array(), FALSE),
'#maxlength' => 180,
);
$form['email_password_reset']['user_mail_password_reset_body'] = array(
'#type' => 'textarea',
'#title' => t('Body'),
'#default_value' => _user_mail_text('password_reset_body'),
'#default_value' => _user_mail_text('password_reset_body', NULL, array(), FALSE),
'#rows' => 12,
);
......@@ -535,13 +535,13 @@ function user_admin_settings() {
$form['email_activated']['settings']['user_mail_status_activated_subject'] = array(
'#type' => 'textfield',
'#title' => t('Subject'),
'#default_value' => _user_mail_text('status_activated_subject'),
'#default_value' => _user_mail_text('status_activated_subject', NULL, array(), FALSE),
'#maxlength' => 180,
);
$form['email_activated']['settings']['user_mail_status_activated_body'] = array(
'#type' => 'textarea',
'#title' => t('Body'),
'#default_value' => _user_mail_text('status_activated_body'),
'#default_value' => _user_mail_text('status_activated_body', NULL, array(), FALSE),
'#rows' => 15,
);
......@@ -570,13 +570,13 @@ function user_admin_settings() {
$form['email_blocked']['settings']['user_mail_status_blocked_subject'] = array(
'#type' => 'textfield',
'#title' => t('Subject'),
'#default_value' => _user_mail_text('status_blocked_subject'),
'#default_value' => _user_mail_text('status_blocked_subject', NULL, array(), FALSE),
'#maxlength' => 180,
);
$form['email_blocked']['settings']['user_mail_status_blocked_body'] = array(
'#type' => 'textarea',
'#title' => t('Body'),
'#default_value' => _user_mail_text('status_blocked_body'),
'#default_value' => _user_mail_text('status_blocked_body', NULL, array(), FALSE),
'#rows' => 3,
);
......@@ -591,13 +591,13 @@ function user_admin_settings() {
$form['email_cancel_confirm']['user_mail_cancel_confirm_subject'] = array(
'#type' => 'textfield',
'#title' => t('Subject'),
'#default_value' => _user_mail_text('cancel_confirm_subject'),
'#default_value' => _user_mail_text('cancel_confirm_subject', NULL, array(), FALSE),
'#maxlength' => 180,
);
$form['email_cancel_confirm']['user_mail_cancel_confirm_body'] = array(
'#type' => 'textarea',
'#title' => t('Body'),
'#default_value' => _user_mail_text('cancel_confirm_body'),
'#default_value' => _user_mail_text('cancel_confirm_body', NULL, array(), FALSE),
'#rows' => 3,
);
......@@ -626,13 +626,13 @@ function user_admin_settings() {
$form['email_canceled']['settings']['user_mail_status_canceled_subject'] = array(
'#type' => 'textfield',
'#title' => t('Subject'),
'#default_value' => _user_mail_text('status_canceled_subject'),
'#default_value' => _user_mail_text('status_canceled_subject', NULL, array(), FALSE),
'#maxlength' => 180,
);
$form['email_canceled']['settings']['user_mail_status_canceled_body'] = array(
'#type' => 'textarea',
'#title' => t('Body'),
'#default_value' => _user_mail_text('status_canceled_body'),
'#default_value' => _user_mail_text('status_canceled_body', NULL, array(), FALSE),
'#rows' => 3,
);
......
......@@ -2236,7 +2236,7 @@ function user_mail($key, &$message, $params) {
*
* Used by user_mail() and the settings forms to retrieve strings.
*/
function _user_mail_text($key, $language = NULL, $variables = array()) {
function _user_mail_text($key, $language = NULL, $variables = array(), $replace = TRUE) {
$langcode = isset($language) ? $language->language : NULL;
if ($admin_setting = variable_get('user_mail_' . $key, FALSE)) {
......@@ -2247,143 +2247,150 @@ function _user_mail_text($key, $language = NULL, $variables = array()) {
// No override, return default string.
switch ($key) {
case 'register_no_approval_required_subject':
$text = t('Account details for [user:name] at [site:name]', array(), array('langcode' => $langcode));
$text = t('Account details for !user-name-token at !site-name-token', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
case 'register_no_approval_required_body':
$text = t("[user:name],
$text = t("!user-name-token,
Thank you for registering at [site:name]. You may now log in to [site:login-url] using the following username and password:
Thank you for registering at !site-name-token. You may now log in by clicking this link or copying and pasting it to your browser:
username: [user:name]
password: [user:password]
!one-time-login-token
You may also log in by clicking on this link or copying and pasting it in your browser:
This link can only be used once to log in and will lead you to a page where you can set your password.
[user:one-time-login-url]
After setting your password, you will be able to log in at !site-login-url-token in the future using:
This is a one-time login, so it can be used only once.
username: !user-name-token
password: Your password
After logging in, you will be redirected to [user:edit-url] so you can change your password.
-- [site:name] team", array(), array('langcode' => $langcode));
-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]', '!one-time-login-token' => '[user:one-time-login-url]', '!site-login-url-token' => '[site:login-url]'), array('langcode' => $langcode));
break;
case 'register_admin_created_subject':
$text = t('An administrator created an account for you at [site:name]', array(), array('langcode' => $langcode));
$text = t('An administrator created an account for you at !site-name-token', array('!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
case 'register_admin_created_body':
$text = t("[user:name],
A site administrator at [site:name] has created an account for you. You may now log in to [site:login-url] using the following username and password:
$text = t("!user-name-token,
username: [user:name]
password: [user:password]
A site administrator at !site-name-token has created an account for you. You may now log in by clicking this link or copying and pasting it to your browser:
You may also log in by clicking on this link or copying and pasting it in your browser:
!one-time-login-token
[user:one-time-login-url]
This link can only be used once to log in and will lead you to a page where you can set your password.
This is a one-time login, so it can be used only once.
After setting your password, you will be able to log in at !site-login-url-token in the future using:
After logging in, you will be redirected to [user:edit-url] so you can change your password.
username: !user-name-token
password: Your password
-- [site:name] team", array(), array('langcode' => $langcode));
-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]', '!one-time-login-token' => '[user:one-time-login-url]', '!site-login-url-token' => '[site:login-url]'), array('langcode' => $langcode));
break;
case 'register_pending_approval_subject':
case 'register_pending_approval_admin_subject':
$text = t('Account details for [user:name] at [site:name] (pending admin approval)', array(), array('langcode' => $langcode));
$text = t('Account details for !user-name-token at !site-name-token (pending admin approval)', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
case 'register_pending_approval_body':
$text = t("[user:name],
$text = t("!user-name-token,
Thank you for registering at [site:name]. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details.
Thank you for registering at !site-name-token. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details.
-- [site:name] team", array(), array('langcode' => $langcode));
-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
case 'register_pending_approval_admin_body':
$text = t("[user:name] has applied for an account.
$text = t("!user-name-token has applied for an account.
[user:edit-url]", array(), array('langcode' => $langcode));
!user-edit-url-token", array('!user-name-token' => '[user:name]', '!user-edit-url-token' => '[user:edit-url]'), array('langcode' => $langcode));
break;
case 'password_reset_subject':
$text = t('Replacement login information for [user:name] at [site:name]', array(), array('langcode' => $langcode));
$text = t('Replacement login information for !user-name-token at !site-name-token', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
case 'password_reset_body':
$text = t("[user:name],
$text = t("!user-name-token,
A request to reset the password for your account has been made at [site:name].
A request to reset the password for your account has been made at !site-name-token.
You may now log in to [site:uri-brief] by clicking on this link or copying and pasting it in your browser:
You may now log in by clicking this link or copying and pasting it to your browser:
[user:one-time-login-url]
!one-time-login-token
This is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used.
This link can only be used once to log in and will lead you to a page where you can set your password. It expires after one day and nothing will happen if it's not used.
After logging in, you will be redirected to [user:edit-url] so you can change your password.", array(), array('langcode' => $langcode));
-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]', '!one-time-login-token' => '[user:one-time-login-url]'), array('langcode' => $langcode));
break;
case 'status_activated_subject':
$text = t('Account details for [user:name] at [site:name] (approved)', array(), array('langcode' => $langcode));
$text = t('Account details for !user-name-token at !site-name-token (approved)', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
case 'status_activated_body':
$text = t("[user:name],
$text = t("!user-name-token,
Your account at [site:name] has been activated.
Your account at !site-name-token has been activated.
You may now log in by clicking on this link or copying and pasting it in your browser:
You may now log in by clicking this link or copying and pasting it into your browser:
[site:login-url]
!site-login-url-token
This is a one-time login, so it can be used only once.
This link can only be used once to log in and will lead you to a page where you can set your password.
After logging in, you will be redirected to [user:edit-url] so you can change your password.
After setting your password, you will be able to log in at !site-login-url-token in the future using:
Once you have set your own password, you will be able to log in to [site:login-url] in the future using:
username: !user-name-token
password: Your password
username: [user:name]", array(), array('langcode' => $langcode));
-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]', '!site-login-url-token' => '[site:login-url]'), array('langcode' => $langcode));
break;
case 'status_blocked_subject':
$text = t('Account details for [user:name] at [site:name] (blocked)', array(), array('langcode' => $langcode));
$text = t('Account details for !user-name-token at !site-name-token (blocked)', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
case 'status_blocked_body':
$text = t("[user:name],\n\nYour account on [site:name] has been blocked.", array(), array('langcode' => $langcode));
$text = t("!user-name-token,
Your account on !site-name-token has been blocked.
-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
case 'cancel_confirm_subject':
$text = t('Account cancellation request for [user:name] at [site:name]', array(), array('langcode' => $langcode));
$text = t('Account cancellation request for !user-name-token at !site-name-token', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
case 'cancel_confirm_body':
$text = t("[user:name],
$text = t("!user-name-token,
A request to cancel your account has been made at [site:name].
A request to cancel your account has been made at !site-name-token.
You may now cancel your account on [site:url-brief] by clicking this link or copying and pasting it into your browser:
You may now cancel your account on !site-url-brief-token by clicking this link or copying and pasting it into your browser:
[user:cancel-url]
!user-cancel-url-token
NOTE: The cancellation of your account is not reversible.
This link expires in one day and nothing will happen if it is not used.", array(), array('langcode' => $langcode));
This link expires in one day and nothing will happen if it is not used.
-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]', '!site-url-brief-token' => '[site:url-brief]', '!user-cancel-url-token' => '[user:cancel-url]'), array('langcode' => $langcode));
break;
case 'status_canceled_subject':
$text = t('Account details for [user:name] at [site:name] (canceled)', array(), array('langcode' => $langcode));
$text = t('Account details for !user-name-token at !site-name-token (canceled)', array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
case 'status_canceled_body':
$text = t("[user:name],
$text = t("!user-name-token,
Your account on [site:name] has been canceled.", array(), array('langcode' => $langcode));
Your account on !site-name-token has been canceled.
-- !site-name-token team", array('!user-name-token' => '[user:name]', '!site-name-token' => '[site:name]'), array('langcode' => $langcode));
break;
}
}
return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens'));
if ($replace) {
return token_replace($text, $variables, array('language' => $language, 'callback' => 'user_mail_tokens'));
}
return $text;
}
/**
......@@ -2395,10 +2402,6 @@ function user_mail_tokens(&$replacements, $data, $options) {
if (isset($data['user'])) {
$replacements['[user:one-time-login-url]'] = user_pass_reset_url($data['user']);
$replacements['[user:cancel-url]'] = user_cancel_url($data['user']);
if (isset($data['user']->password) && !empty($data['user']->password)) {
$replacements['[user:password]'] = $data['user']->password;
}
}
}
......@@ -3289,10 +3292,10 @@ function user_register_submit($form, &$form_state) {
$op = $notify ? 'register_admin_created' : 'register_no_approval_required';
_user_mail_notify($op, $account);
if ($notify) {
drupal_set_message(t('Password and further instructions have been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
drupal_set_message(t('A welcome message with further instructions has been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
}
else {
drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
drupal_set_message(t('A welcome message with further instructions has been sent to your e-mail address.'));
$form_state['redirect'] = '';
}
}
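Review bot: In the new `status_activated_body` text, the link that the message describes as one which "can only be used once to log in and will lead you to a page where you can set your password" is `!site-login-url-token` (`[site:login-url]`), i.e. the ordinary login page rather than a one-time login link, so an approved user who has not yet set a password is sent nowhere useful, and the same token is repeated two lines later as the permanent login address. The first occurrence should be the one-time login token, as the register and password-reset bodies in this hunk already do: replace `!site-login-url-token` on that line with `!one-time-login-token` and add `'!one-time-login-token' => '[user:one-time-login-url]'` to the replacement array of that case. Separately, the new `$replace` parameter of `_user_mail_text()` is not described in the function's docblock, which begins above the hunk; a `@param $replace Whether to run token_replace() on the text; FALSE returns the raw template (used by the settings form).` line would document it. Existing site-specific overrides stored in `user_mail_*` variables may still contain `[user:password]`, which this commit stops replacing in `user_mail_tokens()`; those templates would presumably now send the literal token text, so an update hook or a mention in the token help is worth considering.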
......
......@@ -25,7 +25,7 @@ class UserRegistrationTestCase extends DrupalWebTestCase {
$edit['name'] = $name = $this->randomName();
$edit['mail'] = $mail = $edit['name'] . '@example.com';
$this->drupalPost('user/register', $edit, t('Create new account'));
$this->assertText(t('Your password and further instructions have been sent to your e-mail address.'), t('User registered successfully.'));
$this->assertText(t('A welcome message with further instructions has been sent to your e-mail address.'), t('User registered successfully.'));
$accounts = user_load_multiple(array(), array('name' => $name, 'mail' => $mail));
$new_user = reset($accounts);
$this->assertTrue($new_user->status, t('New account is active after registration.'));
......@@ -1350,7 +1350,7 @@ class UserCreateTestCase extends DrupalWebTestCase {
$this->drupalPost('admin/people/create', $edit, t('Create new account'));
if ($notify) {
$this->assertText(t('Password and further instructions have been e-mailed to the new user @name.', array('@name' => $edit['name'])), 'User created');
$this->assertText(t('A welcome message with further instructions has been e-mailed to the new user @name.', array('@name' => $edit['name'])), 'User created');
$this->assertEqual(count($this->drupalGetMails()), 1, 'Notification e-mail sent');
}
else {
......