-
Notifications
You must be signed in to change notification settings - Fork 157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encourage setting up a second recovery method #642
Conversation
Collect all warnings into same place
sprintf( | ||
__( 'To update your Two-Factor options, you must first revalidate your session.', 'two-factor' ) . | ||
'<br><a class="button" href="%s">' . __( 'Revalidate now', 'two-factor' ) . '</a>', | ||
$notices['warning two-factor-warning-revalidate-session'] = sprintf( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't like the hidden meaning of the first key string being the class suffix for notice-*
but that's how we can allow for multiple notices of the same type without introducing some kind of an abstraction.
<p><?php echo $notice; ?></p> | ||
</div> | ||
<?php endforeach; ?> | ||
<p> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are now permanent instructions suggest the best-practice setup.
class-two-factor-core.php
Outdated
?> | ||
<h2><?php esc_html_e( 'Two-Factor Options', 'two-factor' ); ?></h2> | ||
<?php foreach ( $notices as $notice_type => $notice ) : ?> | ||
<div class="<?php echo esc_attr( $notice_type ? 'notice inline notice-' . $notice_type : '' ); ?>"> | ||
<p><?php echo $notice; ?></p> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see the values are already escaped early should there be a wp_kses
here to be safe / should we mention the values are already escaped above?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kasparsd FYI on the question above for you
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is now done in 2284d6a. We're using wp_kses_post()
similar to how WP core does it here:
What?
Fixes #485.
Why?
Encourage users to configure at least two two-factor methods to prevent them from being locked out of account in case of loosing access to the primary method.
How?
Showing a notice before any of the methods are configured and when only one method is configured.
Testing Instructions
Screenshots or screencast
No methods configured:
Only one method configured:
Multiple notices:
Changelog Entry
Added a notice to the user profile suggesting to configure at least two two-factor methods for ensuring access.