[wp-trac] [WordPress Trac] #39915: is_email_address_unsafe() throws notice for invalid email addresses
WordPress Trac
noreply at wordpress.org
Tue May 9 05:12:37 UTC 2017
#39915: is_email_address_unsafe() throws notice for invalid email addresses
--------------------------------------+-------------------------
Reporter: ocean90 | Owner: jeremyfelt
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 4.8
Component: Users | Version: 3.5
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses: multisite
--------------------------------------+-------------------------
Changes (by jeremyfelt):
* keywords: has-patch needs-unit-tests => has-patch has-unit-tests
* status: assigned => reviewing
* version: => 3.5
Comment:
[attachment:39915.diff] adds some tests for `wpmu_validate_user_signup()`
that replicate the issue. In addition to putting `is_email()` above
`is_email_address_unsafe()`, those blocks are now combined. If we know
that an email is invalid already, there's no reason to check if it's
unsafe. If `is_email()` fails, there's also a good chance
`sanitize_email()` has already returned an empty string.
It looks like `is_email_address_unsafe()` could benefit from a basic check
for `@` rather than a full `is_email()`. `is_email()` can be filtered to
allow an email without `@` (why?) and we'd run into a similar report one
day. [attachment:39915-email-unsafe.diff] addresses this as a separate
issue.
This was introduced in [22461]. Before that commit it looks like
`bademail` would generate a domain of `ademail`. :)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39915#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list