[wp-meta] [Making WordPress.org] #5178: Plugin Directory: Improve Uploader Fails

Making WordPress.org noreply at wordpress.org
Fri May 1 06:27:28 UTC 2020

#5178: Plugin Directory: Improve Uploader Fails
 Reporter:  Ipstenu                |       Owner:  dd32
     Type:  enhancement            |      Status:  closed
 Priority:  normal                 |   Milestone:
Component:  General                |  Resolution:  fixed
 Keywords:  has-patch 2nd-opinion  |

Comment (by dd32):

 > THIS IS THE WEIRD CHANGE. Adding in a new array of 'special' emails and
 trademarks they're allowed to use. I was not able to test this fully! The
 idea is that 'If you're Yoast, you can use Yoast.' I do not envision there
 will be a lot of need for this, but it will calm down Automattic a touch
 :) I would love a second opinion on this part.

 Works for me :)

 The only change I made was to add the 3rd param to `explode( '@', email, 2
 )` so that `fraudster at realdomain.com@attackersdomain.com` didn't allow an
 attacker to use `realdomain`s trademarks if somehow they managed to get
 that as an email address on WordPress.org.

Ticket URL: <https://meta.trac.wordpress.org/ticket/5178#comment:5>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list