Ticket #21730: 21730.02.patch

File 21730.02.patch, 13.2 KB (added by imath, 5 years ago)
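diff --git src/wp-admin/options-general.php src/wp-admin/options-general.php
index 220b07e..d4e7250 100644
--- a/src/wp-admin/options-general.php
+++ b/src/wp-admin/options-general.php
@@ -73,7 +73,7 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 <tr>
 <th scope="row"><label for="home"><?php _e('Site Address (URL)') ?></label></th>
 <td><input name="home" type="url" id="home" aria-describedby="home-description" value="<?php form_option( 'home' ); ?>"<?php disabled( defined( 'WP_HOME' ) ); ?> class="regular-text code<?php if ( defined( 'WP_HOME' ) ) echo ' disabled' ?>" />
-<?php if ( ! defined( 'WP_HOME' ) ) : ?> 
+<?php if ( ! defined( 'WP_HOME' ) ) : ?>
 <p class="description" id="home-description"><?php _e( 'Enter the address here if you <a href="https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory">want your site home page to be different from your WordPress installation directory.</a>' ); ?></p></td>
 <?php endif; ?>
 </tr>
@@ -90,6 +90,28 @@ include( ABSPATH . 'wp-admin/admin-header.php' );
 </fieldset></td>
 </tr>
 <tr>
+<th scope="row"><?php _e( 'Limited Email Registrations' ) ?></th>
+<td> <fieldset><legend class="screen-reader-text"><span><?php _e( 'Limited Email Registrations' ) ?></span></legend>
+<p><label for="limited_email_domains"><?php _e( 'If you want to limit site registrations to certain domains. One domain per line.' ) ?></label></p>
+<?php $limited_email_domains = get_option( 'limited_email_domains' );
+$limited_email_domains = str_replace( ' ', "\n", $limited_email_domains ); ?>
+<p>
+<textarea name="limited_email_domains" id="limited_email_domains" cols="45" rows="5" class="large-text code"><?php echo esc_textarea( $limited_email_domains == '' ? '' : implode( "\n", (array) $limited_email_domains ) ); ?></textarea>
+</p>
+</fieldset></td>
+</tr>
+<tr>
+<th scope="row"><?php _e( 'Banned Email Domains' ) ?></th>
+<td> <fieldset><legend class="screen-reader-text"><span><?php _e( 'Banned Email Domains' ) ?></span></legend>
+<p><label for="banned_email_domains"><?php _e( 'If you want to ban domains from site registrations. One domain per line.' ) ?></label></p>
+<?php $banned_email_domains = get_option( 'banned_email_domains' );
+$banned_email_domains = str_replace( ' ', "\n", $banned_email_domains ); ?>
+<p>
+<textarea name="banned_email_domains" id="banned_email_domains" cols="45" rows="5" class="large-text code"><?php echo esc_textarea( $banned_email_domains == '' ? '' : implode( "\n", (array) $banned_email_domains ) ); ?></textarea>
+</p>
+</fieldset></td>
+</tr>
+<tr>
 <th scope="row"><label for="default_role"><?php _e('New User Default Role') ?></label></th>
 <td>
 <select name="default_role" id="default_role"><?php wp_dropdown_roles( get_option('default_role') ); ?></select>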
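Review bot: The two new labels in the second hunk do not tell the administrator how each list is matched, and the two lists are matched differently elsewhere in this patch. is_email_address_allowed() accepts only an exact domain match, while is_email_address_unsafe() also rejects any subdomain of a banned entry. An administrator who assumes both work the same way can end up with a narrower allow list or a wider ban than intended. I would reword the labels along the lines of `'Only email addresses at exactly these domains may register; list subdomains separately. One domain per line.'` and `'Email addresses at these domains or any of their subdomains cannot register. One domain per line.'`.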
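diff --git src/wp-admin/options.php src/wp-admin/options.php
index e2bfa90..8bd1bc4 100644
--- a/src/wp-admin/options.php
+++ b/src/wp-admin/options.php
@@ -108,6 +108,8 @@ if ( !is_multisite() ) {
 
         $whitelist_options['general'][] = 'admin_email';
         $whitelist_options['general'][] = 'users_can_register';
+        $whitelist_options['general'][] = 'limited_email_domains';
+        $whitelist_options['general'][] = 'banned_email_domains';
         $whitelist_options['general'][] = 'default_role';
 
         $whitelist_options['writing'] = array_merge($whitelist_options['writing'], $mail_options);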
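diff --git src/wp-includes/ms-functions.php src/wp-includes/ms-functions.php
index f41d2b6..cf96918 100644
--- a/src/wp-includes/ms-functions.php
+++ b/src/wp-includes/ms-functions.php
@@ -331,60 +331,6 @@ function get_blog_id_from_url( $domain, $path = '/' ) {
 // Admin functions
 
 /**
- * Checks an email address against a list of banned domains.
- *
- * This function checks against the Banned Email Domains list
- * at wp-admin/network/settings.php. The check is only run on
- * self-registrations; user creation at wp-admin/network/users.php
- * bypasses this check.
- *
- * @since MU
- *
- * @param string $user_email The email provided by the user at registration.
- * @return bool Returns true when the email address is banned.
- */
-function is_email_address_unsafe( $user_email ) {
-        $banned_names = get_site_option( 'banned_email_domains' );
-        if ( $banned_names && ! is_array( $banned_names ) )
-                $banned_names = explode( "\n", $banned_names );
-
-        $is_email_address_unsafe = false;
-
-        if ( $banned_names && is_array( $banned_names ) ) {
-                $banned_names = array_map( 'strtolower', $banned_names );
-                $normalized_email = strtolower( $user_email );
-
-                list( $email_local_part, $email_domain ) = explode( '@', $normalized_email );
-
-                foreach ( $banned_names as $banned_domain ) {
-                        if ( ! $banned_domain )
-                                continue;
-
-                        if ( $email_domain == $banned_domain ) {
-                                $is_email_address_unsafe = true;
-                                break;
-                        }
-
-                        $dotted_domain = ".$banned_domain";
-                        if ( $dotted_domain === substr( $normalized_email, -strlen( $dotted_domain ) ) ) {
-                                $is_email_address_unsafe = true;
-                                break;
-                        }
-                }
-        }
-
-        /**
-         * Filter whether an email address is unsafe.
-         *
-         * @since 3.5.0
-         *
-         * @param bool   $is_email_address_unsafe Whether the email address is "unsafe". Default false.
-         * @param string $user_email              User email address.
-         */
-        return apply_filters( 'is_email_address_unsafe', $is_email_address_unsafe, $user_email );
-}
-
-/**
  * Sanitize and validate data required for a user sign-up.
  *
  * Verifies the validity and uniqueness of user names and user email addresses,
@@ -417,8 +363,6 @@ function wpmu_validate_user_signup($user_name, $user_email) {
                 $user_name = $orig_username;
         }
 
-        $user_email = sanitize_email( $user_email );
-
         if ( empty( $user_name ) )
                 $errors->add('user_name', __( 'Please enter a username.' ) );
 
@@ -438,9 +382,6 @@ function wpmu_validate_user_signup($user_name, $user_email) {
                 $errors->add( 'user_name',  __( 'Sorry, that username is not allowed.' ) );
         }
 
-        if ( is_email_address_unsafe( $user_email ) )
-                $errors->add('user_email',  __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));
-
         if ( strlen( $user_name ) < 4 )
                 $errors->add('user_name',  __( 'Username must be at least 4 characters.' ) );
 
@@ -452,14 +393,11 @@ function wpmu_validate_user_signup($user_name, $user_email) {
         if ( preg_match( '/^[0-9]*$/', $user_name ) )
                 $errors->add('user_name', __('Sorry, usernames must have letters too!'));
 
-        if ( !is_email( $user_email ) )
-                $errors->add('user_email', __( 'Please enter a valid email address.' ) );
-
-        $limited_email_domains = get_site_option( 'limited_email_domains' );
-        if ( is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) {
-                $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
-                if ( ! in_array( $emaildomain, $limited_email_domains ) ) {
-                        $errors->add('user_email', __('Sorry, that email address is not allowed!'));
+        // Check the email address
+        $is_email_valid = validate_user_email( $user_email );
+        if ( true !== $is_email_valid ) {
+                foreach ( $is_email_valid as $email_error ) {
+                        $errors->add( 'user_email', $email_error );
                 }
         }
 
@@ -467,10 +405,6 @@ function wpmu_validate_user_signup($user_name, $user_email) {
         if ( username_exists($user_name) )
                 $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) );
 
-        // Check if the email address has been used already.
-        if ( email_exists($user_email) )
-                $errors->add( 'user_email', __( 'Sorry, that email address is already used!' ) );
-
         // Has someone already signed up for this username?
         $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) );
         if ( $signup != null ) {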
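Review bot: Dropping `$user_email = sanitize_email( $user_email );` in the first wpmu_validate_user_signup() hunk leaves the function holding the raw address. validate_user_email() sanitises only its own local copy and returns `true` or a list of messages, never the cleaned value. Any later code that looks up, stores or returns `$user_email` would then use a string that differs from the one validated; this is inferred, because the rest of the function lies outside these hunks. Keeping the `sanitize_email()` line ahead of `$is_email_valid = validate_user_email( $user_email );` preserves the earlier behaviour, so the value that was checked is the value that gets used.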
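diff --git src/wp-includes/user.php src/wp-includes/user.php
index 32b0ec7..095a31e 100644
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -1194,6 +1194,147 @@ function email_exists( $email ) {
 }
 
 /**
+ * Checks an email address against a list of allowed domains.
+ *
+ * This function checks agains the Limited Email Domains list
+ * at wp-admin/network/settings.php or wp-admin/options-general.php.
+ * The check is only run on self-registrations.
+ * User creation at wp-admin/network/users.php or wp-admin/user-new.php
+ * bypasses this check.
+ *
+ * @since ?.?
+ *
+ * @param string $user_email The email provided by the user at registration
+ * @return bool True when the email address is allowed, False otherwise.
+ */
+function is_email_address_allowed( $user_email ) {
+        $is_allowed = true;
+        $limited_email_domains = get_site_option( 'limited_email_domains' );
+
+        if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) === false ) {
+                $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
+
+                if ( ! in_array( $emaildomain, $limited_email_domains ) ) {
+                        $is_allowed = false;
+                }
+        }
+
+        /**
+         * Filter whether an email address is allowed.
+         *
+         * @since ?.?
+         *
+         * @param bool   $is_allowed Whether the email address is allowed. Default True.
+         * @param string $user_email User email address.
+         */
+        return apply_filters( 'is_email_address_allowed', $is_allowed, $user_email );
+}
+
+/**
+ * Checks an email address against a list of banned domains.
+ *
+ * This function checks against the Banned Email Domains list
+ * at wp-admin/network/settings.php or wp-admin/options-general.php.
+ * The check is only run on self-registrations inside.
+ * User creation at wp-admin/network/users.php or wp-admin/user-new.php
+ * bypasses this check.
+ *
+ * @since MU
+ *
+ * @param string $user_email The email provided by the user at registration.
+ * @return bool Returns true when the email address is banned.
+ */
+function is_email_address_unsafe( $user_email ) {
+        $banned_names = get_site_option( 'banned_email_domains' );
+        if ( $banned_names && ! is_array( $banned_names ) ) {
+                $banned_names = explode( "\n", $banned_names );
+        }
+
+        $is_email_address_unsafe = false;
+
+        if ( $banned_names && is_array( $banned_names ) ) {
+                $banned_names = array_map( 'strtolower', $banned_names );
+                $normalized_email = strtolower( $user_email );
+
+                list( $email_local_part, $email_domain ) = explode( '@', $normalized_email );
+
+                foreach ( $banned_names as $banned_domain ) {
+                        if ( ! $banned_domain ) {
+                                continue;
+                        }
+
+                        if ( $email_domain == $banned_domain ) {
+                                $is_email_address_unsafe = true;
+                                break;
+                        }
+
+                        $dotted_domain = ".$banned_domain";
+                        if ( $dotted_domain === substr( $normalized_email, -strlen( $dotted_domain ) ) ) {
+                                $is_email_address_unsafe = true;
+                                break;
+                        }
+                }
+        }
+
+        /**
+         * Filter whether an email address is unsafe.
+         *
+         * @since 3.5.0
+         *
+         * @param bool   $is_email_address_unsafe Whether the email address is "unsafe". Default false.
+         * @param string $user_email              User email address.
+         */
+        return apply_filters( 'is_email_address_unsafe', $is_email_address_unsafe, $user_email );
+}
+
+/**
+ * Check to see whether an email address is usable for new user registration
+ *
+ * This is a convenience function that wraps several disparate email validators
+ * throughout WordPress:
+ *  - check that an email address is well-formed
+ *  - check that the email domain has not been banned by the admin
+ *  - check that the email domain is on the whitelist, if one exists
+ *  - check that the email address isn't already in use
+ *
+ * @since ?.?
+ *
+ * @param string $user_email The email address to check
+ * @return bool|array True if the email passes all checks; otherwise an array
+ *   of error message strings
+ */
+function validate_user_email( $user_email ) {
+        $errors         = array();
+        $is_email_valid = true;
+
+        $user_email = sanitize_email( $user_email );
+
+        if ( ! is_email( $user_email ) ) {
+                $errors['invalid'] = __( 'Please enter a valid email address.' );
+
+        // Only perform the other checks on a valid email adress
+        } else {
+                if ( is_email_address_unsafe( $user_email ) ) {
+                        $errors['domain_banned'] = __( 'You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.' );
+                }
+
+                if ( ! is_email_address_allowed( $user_email ) ) {
+                        $errors['domain_not_allowed'] = __( 'Sorry, that email address is not allowed!' );
+                }
+
+                if ( email_exists( $user_email ) ) {
+                        $errors['in_use'] = __( 'Sorry, that email address is already used!' );
+                }
+        }
+
+        if ( ! empty( $errors ) ) {
+                $is_email_valid = $errors;
+        }
+
+        return apply_filters( 'validate_user_email', $is_email_valid, $user_email );
+}
+
+/**
  * Checks whether a username is valid.
  *
  * @since 2.0.1
@@ -2129,11 +2270,13 @@ function register_new_user( $user_login, $user_email ) {
         // Check the email address
         if ( $user_email == '' ) {
                 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your email address.' ) );
-        } elseif ( ! is_email( $user_email ) ) {
-                $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn&#8217;t correct.' ) );
-                $user_email = '';
-        } elseif ( email_exists( $user_email ) ) {
-                $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' ) );
+        }
+
+        $is_email_valid = validate_user_email( $user_email );
+        if ( true !== $is_email_valid ) {
+                foreach ( $is_email_valid as $email_error ) {
+                        $errors->add( 'user_email', sprintf( __( '<strong>ERROR</strong>: %s' ), $email_error ) );
+                }
         }
 
         /**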
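Review bot: Both call sites assume validate_user_email() returns `true` or an array, but its value comes straight from `apply_filters( 'validate_user_email', ... )`. If a callback returns `false`, a string or an empty array, the `foreach` in register_new_user() and the same loop in wpmu_validate_user_signup() add no error and the address is accepted. Normalising the filtered value inside validate_user_email(), so that anything other than `true` or a non-empty array of messages counts as a rejection, keeps the check fail-closed; the rewritten tail is below. In the register_new_user() hunk, which continues outside the visible lines, an empty address now also reaches validate_user_email() and gets a second message. The error codes there also change from `invalid_email`/`email_exists` to `user_email`, which code that inspects them may depend on. Separately, is_email_address_allowed() compares the domain case-sensitively and loosely, unlike the lower-cased ban list; `in_array( strtolower( $emaildomain ), array_map( 'strtolower', $limited_email_domains ), true )` would make the two consistent.

```php
function validate_user_email( $user_email ) {
        // … unchanged: sanitize_email() and the checks that fill $errors / $is_email_valid …

        $result = apply_filters( 'validate_user_email', $is_email_valid, $user_email );

        // Fail closed: only true, or a non-empty array of messages, is a valid answer.
        if ( true !== $result && ( ! is_array( $result ) || empty( $result ) ) ) {
                $result = array( 'invalid' => __( 'Please enter a valid email address.' ) );
        }

        return $result;
}
```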