[wp-trac] [WordPress Trac] #21570: is_email_address_unsafe() is too aggressive

WordPress Trac wp-trac at lists.automattic.com
Wed Aug 29 01:58:31 UTC 2012 

#21570: is_email_address_unsafe() is too aggressive
----------------------------------------+------------------------------
 Reporter:  mdawaffe                    |       Owner:
     Type:  defect (bug)                |      Status:  new
 Priority:  normal                      |   Milestone:  Awaiting Review
Component:  Users                       |     Version:  3.0
 Severity:  normal                      |  Resolution:
 Keywords:  has-patch needs-unit-tests  |
----------------------------------------+------------------------------

Comment (by mdawaffe):

 The form input is labelled "Banned Email Domains" and says "If you want to
 ban domains from site registrations. One domain per line.", so asking
 people to enter "@bar.com" is weird unless we change those strings.  Plus,
 the option is named "banned_email_domains" :)

 One "recent" change is [13447], which prevents the use of regular
 expressions, so the {{{preg_match()}}} should be removed unless we want to
 support crazy filters on {{{pre_option_banned_email_domains}}}.  That
 changeset isn't too relevant to this ticket except that it prevents a
 possible solution: adding {{{/\bfoo\.com/}}} to the list of Banned Email
 Domains.

 I don't think that many people are including a ".bar.com" (as opposed to a
 "bar.com") entry since ".bar.com" does not block a registration from
 "mike at bar.com", for example.

 With the current code, a "bar.com" entry has the following behavior:
 * mike at bar.com: blocked = expected
 * mike at foo.bar.com: blocked = expected
 * mike at foo-bar.com: blocked = not expected

 And a ".bar.com" entry does:
 * mike at bar.com: not blocked = expected? I don't know, see above.
 * mike at foo.bar.com: blocked = expected
 * mike at foo-bar.com: not blocked = expected

 With my patch, the "bar.com" entry does:
 * mike at bar.com: blocked = expected
 * mike at foo.bar.com: blocked = expected
 * mike at foo-bar.com: not blocked = expected

 And the ".bar.com" entry does:
 * mike at bar.com: not blocked = expected? I don't know, see above.
 * mike at foo.bar.com: blocked = expected
 * mike at foo-bar.com: not blocked = expected

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21570#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list