Opened 2 years ago
Last modified 3 months ago
#17433 new defect (bug)
localhost is not accepted as email domain
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Awaiting Review |
| Component: | Formatting | Version: | 3.2 |
| Severity: | normal | Keywords: | has-patch |
| Cc: | info@…, kurtpayne, pauldewouters@… |
Description
Hi. Tried to install WordPress on a Debian machine not connected to Internet, only for testing purposes, so when the setup procedure asked me for an email address, I used mylogin@localhost. The setup procedure, however, rejected this as "invalid".
I think the bug is exactly in wp-includes/formatting.php, where it says:
Assume the domain will have at least two subs
if ( 2 > count( $subs ) ) {
return apply_filters( 'is_email', false, $email, 'domain_no_periods' );
}
So: Could you please special-case "localhost" in is_email() so that it's allowed as email domain?
I guess the probability of someone using @localhost for email "by mistake" is extremely low, so this change will unlikely harm the average user.
Thanks.
Attachments (2)
Change History (10)
- Keywords reporter-feedback close added
There are several reasons:
a) localhost is shorter and I expected it to work.
b) My MTA is usually not configured to accept mail for localhost.localdomain. I have never had a need for that in 15 years.
What's the problem with supporting localhost since it's correct?
BTW: The default value for DB_HOST in wp-config-sample.php is localhost. It would be somewhat contradictory that localhost is not even accepted for email!
- Cc info@… added
PHP 5.2 is now an requirement, so we should use the filter functions which allow me@localhost. See the plugin Extend Email Checks for an example.
comment:4
SergeyBiryukov — 22 months ago
- Keywords needs-patch added; reporter-feedback close removed
- Cc kurtpayne added
- Keywords has-patch added; needs-patch removed
This patch will allow dotless e-mail domains as long as the server can resolve the domain via a DNS lookup. It should allow "localhost" and other development domains, but prevent "fakedomain" (unless fakedomain resolves on your network).
If DNS times out on an invalid dotless domain, there may be a delay of up to 2 seconds. This should be encountered rarely, but, due to the stacking of sanitize_email() and is_email() may be encountered twice in a row.
Thoughts about this approach?
Replying to kurtpayne:
This patch will allow dotless e-mail domains as long as the server can resolve the domain via a DNS lookup. It should allow "localhost" and other development domains, but prevent "fakedomain" (unless fakedomain resolves on your network).
If DNS times out on an invalid dotless domain, there may be a delay of up to 2 seconds. This should be encountered rarely, but, due to the stacking of sanitize_email() and is_email() may be encountered twice in a row.
Thoughts about this approach?
We don't want to add dns lookups to every call to is_email as it could slow down a site unnecessary and lead to other issues.
In general we should probably consider moving all of our validation filtering like this to use the filter_var stuff in PHP 5.2 now it is available to us.
@westi I was ready to disagree and defend "user@localhost" as a valid address, but I dug into this a bit more and found this post on stackoverflow.com which changed my mind. The php developers who wrote the e-mail filter don't allow short domains because only FQDNs are allowed in SMTP servers according to RFC 5321.
Submitting patch 17433-2.diff to switch to email code to filter_var() as you and @toscho suggested.
comment:8
pauldewouters — 3 months ago
- Cc pauldewouters@… added
Why not just use email@localhost.localdomain ? That should work without issue.