[wp-meta] [Making WordPress.org] #5178: Plugin Directory: Improve Uploader Fails
Making WordPress.org
noreply at wordpress.org
Fri May 1 06:27:28 UTC 2020
#5178: Plugin Directory: Improve Uploader Fails
-----------------------------------+---------------------
Reporter: Ipstenu | Owner: dd32
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: General | Resolution: fixed
Keywords: has-patch 2nd-opinion |
-----------------------------------+---------------------
Comment (by dd32):
> THIS IS THE WEIRD CHANGE. Adding in a new array of 'special' emails and
trademarks they're allowed to use. I was not able to test this fully! The
idea is that 'If you're Yoast, you can use Yoast.' I do not envision there
will be a lot of need for this, but it will calm down Automattic a touch
:) I would love a second opinion on this part.
Works for me :)
The only change I made was to add the 3rd param to `explode( '@', email, 2
)` so that `fraudster at realdomain.com@attackersdomain.com` didn't allow an
attacker to use `realdomain`s trademarks if somehow they managed to get
that as an email address on WordPress.org.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/5178#comment:5>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list