
Ticket #15706: 15706.3.patch

File 15706.3.patch, 4.8 KB (added by boonebgorges, 11 years ago)
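--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2935,7 +2935,7 @@
                         $value = array();
 
                         foreach ( $domains as $domain ) {
-                                if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
+                                if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.\*])+$|', $domain ) )
                                         $value[] = $domain;
                         }
                         if ( ! $value )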
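Review bot: The widened character class `[a-zA-Z0-9-\.\*]` accepts `*` at any position, so entries such as `*`, `*.*` or `foo*.com` pass this check even though the matcher added in wp-includes/ms-functions.php documents a wildcard as one complete dot-separated section. If these values reach that matcher, `*.*` on the allowed list would presumably match every two-label domain, which defeats the restriction. Consider accepting `*` only as a whole label, for example `preg_match( '/^(\*|[a-zA-Z0-9-]+)(\.(\*|[a-zA-Z0-9-]+))*$/', $domain )`, and rejecting entries that consist only of wildcards. The enclosing block starts and ends outside the hunk, so which options pass through this loop is not visible here.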
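--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
@@ -373,32 +373,91 @@
  */
 function is_email_address_unsafe( $user_email ) {
         $banned_names = get_site_option( 'banned_email_domains' );
-        if ( $banned_names && ! is_array( $banned_names ) )
-                $banned_names = explode( "\n", $banned_names );
 
-        $is_email_address_unsafe = false;
+        return apply_filters( 'is_email_address_unsafe', is_email_domain_in_list( $user_email, $banned_names ), $user_email );
+}
 
-        if ( $banned_names && is_array( $banned_names ) ) {
-                list( $email_local_part, $email_domain ) = explode( '@', $user_email );
+/**
+ * Checks an email address against a whitelist of allowed domains.
+ *
+ * This function checks against the Limited Email Domains list
+ * at wp-admin/network/settings.php. The check is only run on
+ * self-registrations; user creation at wp-admin/network/users.php
+ * bypasses this check.
+ *
+ * @since 3.7
+ *
+ * @param string $user_email The email provided by the user at registration.
+ * @return bool Returns true when the email address is allowed.
+ */
+function is_email_address_allowed( $user_email ) {
+        $allowed_names = get_site_option( 'limited_email_domains' );
 
-                foreach ( $banned_names as $banned_domain ) {
-                        if ( ! $banned_domain )
+        // Any address is allowed when no whitelist is present
+        if ( empty( $allowed_names ) ) {
+                $is_email_address_allowed = true;
+        } else {
+                $is_email_address_allowed = is_email_domain_in_list( $user_email, $allowed_names );
+        }
+
+        return apply_filters( 'is_email_address_allowed', $is_email_address_allowed, $user_email );
+}
+
+/**
+ * Checks whether an email is on a whitelist/blacklist
+ *
+ * Used by is_email_address_unsafe() and is_email_address_allowed() to do
+ * a wildcard-safe check of an email against an array of allowed/banned
+ * domains.
+ *
+ * Any complete section of a URL (between the dots) can be represented by
+ * a wildcard. Eg, 'test@foo.bar.com' will count as a match for '*.bar.com'.
+ *
+ * @since 3.7
+ *
+ * @param string $email The email address being checked
+ * @param array|string $domain_list Domains to check against
+ * @return bool Returns true when the email matches one of the domains on
+ *   the list
+ */
+function is_email_domain_in_list( $email, $domain_list ) {
+        if ( ! is_array( $domain_list ) ) {
+                $domain_list = explode( "\n", $domain_list );
+        }
+
+        $is_in_list = false;
+
+        if ( $domain_list && is_array( $domain_list ) ) {
+                list( $email_local_part, $email_domain ) = explode( '@', $email );
+
+                foreach ( $domain_list as $domain ) {
+                        if ( ! $domain ) {
                                 continue;
+                        }
 
-                        if ( $email_domain == $banned_domain ) {
-                                $is_email_address_unsafe = true;
+                        if ( $email_domain == $domain ) {
+                                $is_in_list = true;
                                 break;
                         }
 
-                        $dotted_domain = ".$banned_domain";
-                        if ( $dotted_domain === substr( $user_email, -strlen( $dotted_domain ) ) ) {
-                                $is_email_address_unsafe = true;
+                        $dotted_domain = ".$domain";
+                        if ( $dotted_domain === substr( $email, -strlen( $dotted_domain ) ) ) {
+                                $is_in_list = true;
                                 break;
                         }
+
+                        if ( false !== strpos( $domain, '*' ) ) {
+                                $domain_pattern = '|' . str_replace( '\*', '[a-zA-Z0-9-]+', preg_quote( $domain ) ) . '|';
+                                preg_match( $domain_pattern, $email_domain, $matches );
+                                if ( isset( $matches[0] ) && $matches[0] == $email_domain ) {
+                                        $is_in_list = true;
+                                        break;
+                                }
+                        }
                 }
+
+                return $is_in_list;
         }
-
-        return apply_filters( 'is_email_address_unsafe', $is_email_address_unsafe, $user_email );
 }
 
 /**
@@ -467,11 +526,9 @@
         if ( !is_email( $user_email ) )
                 $errors->add('user_email', __( 'Please enter a valid email address.' ) );
 
+        if ( ! is_email_address_allowed( $user_email ) ) {
         $limited_email_domains = get_site_option( 'limited_email_domains' );
-        if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
-                $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
-                if ( in_array( $emaildomain, $limited_email_domains ) == false )
-                        $errors->add('user_email', __('Sorry, that email address is not allowed!'));
+                $errors->add('user_email', __('Sorry, that email address is not allowed!'));
         }
 
         // Check if the username has been used already.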
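Review bot: Sending the Limited Email Domains check through is_email_domain_in_list() widens the allowlist, because the removed code required an exact `in_array( $emaildomain, $limited_email_domains )` match while the shared helper also accepts any address ending in `.$domain`, so an entry `example.com` now admits `user@sub.example.com`. If that is intended, state it in the is_email_address_allowed() docblock (`* An entry also allows addresses at any of its subdomains.`); otherwise the suffix test should run only on the banned-list path. In the helper, `return $is_in_list;` sits inside the `if ( $domain_list && is_array( $domain_list ) )` block, so an empty list returns null instead of the documented bool, and moving the return below that closing brace fixes it. `preg_quote( $domain )` is called without the `|` delimiter the pattern uses, and `preg_quote( $domain, '|' )` keeps the pattern well-formed for list values that did not pass through the sanitizer. In the second hunk the `$limited_email_domains = get_site_option( 'limited_email_domains' );` line is left inside the new `if` and is no longer used; the function around that hunk starts and ends outside it.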