[wp-trac] [WordPress Trac] #39915: is_email_address_unsafe() throws notice for invalid email addresses
WordPress Trac
noreply at wordpress.org
Sun Feb 19 18:11:35 UTC 2017
#39915: is_email_address_unsafe() throws notice for invalid email addresses
--------------------------+-----------------------
Reporter: ocean90 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.8
Component: Users | Version:
Severity: normal | Keywords: has-patch
Focuses: multisite |
--------------------------+-----------------------
If the `banned_email_domains` option is set, `is_email_address_unsafe()`
tries to split an email address into two parts. If the provided email
doesn't contain a domain a notice is thrown.
{{{
$ wp shell
wp> is_email_address_unsafe( 'foo' );
=> bool(false)
wp> update_site_option( 'banned_email_domains', [ 'example.org' ] );
=> bool(true)
wp> is_email_address_unsafe( 'foo' );
PHP Notice: Undefined offset: 1 in /wp-includes/ms-functions.php on line
360
Notice: Undefined offset: 1 in /wp-includes/ms-functions.php on line 360
=> bool(false)
}}}
I noticed this because in `wpmu_validate_user_signup()` the `is_email()`
[https://core.trac.wordpress.org/browser/tags/4.7.2/src/wp-includes/ms-
functions.php?marks=444,458#L443 check happens after]
`is_email_address_unsafe()`.
For `wpmu_validate_user_signup()` we can move the `is_email()` check above
`is_email_address_unsafe()`.
Not sure about `is_email_address_unsafe()`. Should the check be skipped if
the email is invalid? Should it return true or false? Should we treat it
as a domain only?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39915>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list