| 1 | Index: wp-includes/functions.php |
|---|
| 2 | =================================================================== |
|---|
| 3 | --- wp-includes/functions.php (revision 16332) |
|---|
| 4 | +++ wp-includes/functions.php (working copy) |
|---|
| 5 | @@ -4434,3 +4434,16 @@ |
|---|
| 6 | $show_admin_bar = (bool) $show; |
|---|
| 7 | } |
|---|
| 8 | |
|---|
| 9 | +/** |
|---|
| 10 | + * Checks if a value ends in a valid TLD |
|---|
| 11 | + * |
|---|
| 12 | + * TLD list as per http://data.iana.org/TLD/tlds-alpha-by-domain.txt |
|---|
| 13 | + * |
|---|
| 14 | + * @since 3.1.0 |
|---|
| 15 | + * |
|---|
| 16 | + * @param string $value Any string, usually a [sub]domain, email address, etc. |
|---|
| 17 | + * @return boolean |
|---|
| 18 | + */ |
|---|
| 19 | +function ends_with_valid_tld( $value ) { |
|---|
| 20 | + return preg_match( '/\.(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XN--0ZWM56D|测试|XN--11B5BS3A9AJ6G|परीक्षा|XN--80AKHBYKNJ4F|испытание|XN--9T4B11YI5A|테스트|XN--DEBA0AD|טעסט|XN--G6W251D|測試|XN--HGBK6AJ7F53BBA|آزمایشی|XN--HLCJ6AYA9ESC7A|பரிட்சை|XN--JXALPDLP|δοκιμή|XN--KGBECHTV|إختبار|XN--ZCKZAH|テスト|YE|YT|YU|ZA|ZM|ZW)$/iu', $value ); |
|---|
| 21 | +} |
|---|
| 22 | \ No newline at end of file |
|---|
| 23 | Index: wp-includes/formatting.php |
|---|
| 24 | =================================================================== |
|---|
| 25 | --- wp-includes/formatting.php (revision 16332) |
|---|
| 26 | +++ wp-includes/formatting.php (working copy) |
|---|
| 27 | @@ -1534,6 +1534,11 @@ |
|---|
| 28 | if ( strpos( $email, '@', 1 ) === false ) { |
|---|
| 29 | return apply_filters( 'is_email', false, $email, 'email_no_at' ); |
|---|
| 30 | } |
|---|
| 31 | + |
|---|
| 32 | + // Test for a valid top-level domain (TLD) |
|---|
| 33 | + if ( ! ends_with_valid_tld( $email ) ) { |
|---|
| 34 | + return apply_filters( 'is_email', false, $email, 'domain_invalid_tld' ); |
|---|
| 35 | + } |
|---|
| 36 | |
|---|
| 37 | // Split out the local and domain parts |
|---|
| 38 | list( $local, $domain ) = explode( '@', $email, 2 ); |
|---|
| 39 | @@ -1755,6 +1760,11 @@ |
|---|
| 40 | if ( strpos( $email, '@', 1 ) === false ) { |
|---|
| 41 | return apply_filters( 'sanitize_email', '', $email, 'email_no_at' ); |
|---|
| 42 | } |
|---|
| 43 | + |
|---|
| 44 | + // Test for a valid top-level domain (TLD) |
|---|
| 45 | + if ( ! ends_with_valid_tld( $email ) ) { |
|---|
| 46 | + return apply_filters( 'sanitize_email', '', $email, 'domain_invalid_tld' ); |
|---|
| 47 | + } |
|---|
| 48 | |
|---|
| 49 | // Split out the local and domain parts |
|---|
| 50 | list( $local, $domain ) = explode( '@', $email, 2 ); |
|---|
