[wp-trac] [WordPress Trac] #18658: Allow apostrophe in email validation
WordPress Trac
wp-trac at lists.automattic.com
Thu May 10 15:47:10 UTC 2012
#18658: Allow apostrophe in email validation
--------------------------+------------------------------
Reporter: swinhoe | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 3.2.1
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+------------------------------
Changes (by holizz):
* type: enhancement => defect (bug)
* component: Validation => Users
Comment:
This also needs to be fixed in send_confirmation_on_profile_email (wp-
admin/includes/ms.php line 239 as of v3.3.2).
I'm also changing this from enhancement to bug (and from Validation to
Users) because is_email already allows apostrophes in email addresses and
is working correctly - the problem is that the user-related areas which
call is_email aren't using stripslashes like they should be.
And now for some opinion, because this "feature" has been annoying me for
years:
> Regardless of your PHP settings, WP is protecting the data. It's secure
and awesome, but I think this is just an outlier case that probably
doesn't happen very often so it hasn't been a priority.
People who know what they're doing run all their SQL through
$wpdb->prepare. People who don't know what they're doing shouldn't be
putting their code on public-facing Web sites. Adding backslashes causes
problems all the time, whether I've forgotten to remove them in my code,
somebody else has forgotten in their plugin/theme, and bugs like this
which prove that even WP core developers can't remember to use
stripslashes. I think protecting neophytes who expect not to get owned is
a small benefit for all the problems it causes.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18658#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list