Ticket #21730: 21730.02.patch
File 21730.02.patch, 13.2 KB (added by , 5 years ago) |
---|
-
src/wp-admin/options-general.php
diff --git src/wp-admin/options-general.php src/wp-admin/options-general.php index 220b07e..d4e7250 100644
include( ABSPATH . 'wp-admin/admin-header.php' ); 73 73 <tr> 74 74 <th scope="row"><label for="home"><?php _e('Site Address (URL)') ?></label></th> 75 75 <td><input name="home" type="url" id="home" aria-describedby="home-description" value="<?php form_option( 'home' ); ?>"<?php disabled( defined( 'WP_HOME' ) ); ?> class="regular-text code<?php if ( defined( 'WP_HOME' ) ) echo ' disabled' ?>" /> 76 <?php if ( ! defined( 'WP_HOME' ) ) : ?> 76 <?php if ( ! defined( 'WP_HOME' ) ) : ?> 77 77 <p class="description" id="home-description"><?php _e( 'Enter the address here if you <a href="https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory">want your site home page to be different from your WordPress installation directory.</a>' ); ?></p></td> 78 78 <?php endif; ?> 79 79 </tr> … … include( ABSPATH . 'wp-admin/admin-header.php' ); 90 90 </fieldset></td> 91 91 </tr> 92 92 <tr> 93 <th scope="row"><?php _e( 'Limited Email Registrations' ) ?></th> 94 <td> <fieldset><legend class="screen-reader-text"><span><?php _e( 'Limited Email Registrations' ) ?></span></legend> 95 <p><label for="limited_email_domains"><?php _e( 'If you want to limit site registrations to certain domains. One domain per line.' ) ?></label></p> 96 <?php $limited_email_domains = get_option( 'limited_email_domains' ); 97 $limited_email_domains = str_replace( ' ', "\n", $limited_email_domains ); ?> 98 <p> 99 <textarea name="limited_email_domains" id="limited_email_domains" cols="45" rows="5" class="large-text code"><?php echo esc_textarea( $limited_email_domains == '' ? '' : implode( "\n", (array) $limited_email_domains ) ); ?></textarea> 100 </p> 101 </fieldset></td> 102 </tr> 103 <tr> 104 <th scope="row"><?php _e( 'Banned Email Domains' ) ?></th> 105 <td> <fieldset><legend class="screen-reader-text"><span><?php _e( 'Banned Email Domains' ) ?></span></legend> 106 <p><label for="banned_email_domains"><?php _e( 'If you want to ban domains from site registrations. One domain per line.' 
) ?></label></p> 107 <?php $banned_email_domains = get_option( 'banned_email_domains' ); 108 $banned_email_domains = str_replace( ' ', "\n", $banned_email_domains ); ?> 109 <p> 110 <textarea name="banned_email_domains" id="banned_email_domains" cols="45" rows="5" class="large-text code"><?php echo esc_textarea( $banned_email_domains == '' ? '' : implode( "\n", (array) $banned_email_domains ) ); ?></textarea> 111 </p> 112 </fieldset></td> 113 </tr> 114 <tr> 93 115 <th scope="row"><label for="default_role"><?php _e('New User Default Role') ?></label></th> 94 116 <td> 95 117 <select name="default_role" id="default_role"><?php wp_dropdown_roles( get_option('default_role') ); ?></select> -
src/wp-admin/options.php
diff --git src/wp-admin/options.php src/wp-admin/options.php index e2bfa90..8bd1bc4 100644
if ( !is_multisite() ) { 108 108 109 109 $whitelist_options['general'][] = 'admin_email'; 110 110 $whitelist_options['general'][] = 'users_can_register'; 111 $whitelist_options['general'][] = 'limited_email_domains'; 112 $whitelist_options['general'][] = 'banned_email_domains'; 111 113 $whitelist_options['general'][] = 'default_role'; 112 114 113 115 $whitelist_options['writing'] = array_merge($whitelist_options['writing'], $mail_options); -
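Review bot: Adding `limited_email_domains` and `banned_email_domains` to `$whitelist_options['general']` lets the raw textarea value from options-general.php be saved through the generic options handler, and nothing in this patch shows how that value is normalised or validated before storage. The form promises "One domain per line", while the reading side in user.php enforces the allowlist only when the stored value is an array. It is worth confirming that option sanitization outside this patch turns both options into arrays of validated domain names on single-site installs. A test that saves the form and then registers with a disallowed domain would pin that down.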
src/wp-includes/ms-functions.php
diff --git src/wp-includes/ms-functions.php src/wp-includes/ms-functions.php index f41d2b6..cf96918 100644
function get_blog_id_from_url( $domain, $path = '/' ) { 331 331 // Admin functions 332 332 333 333 /** 334 * Checks an email address against a list of banned domains.335 *336 * This function checks against the Banned Email Domains list337 * at wp-admin/network/settings.php. The check is only run on338 * self-registrations; user creation at wp-admin/network/users.php339 * bypasses this check.340 *341 * @since MU342 *343 * @param string $user_email The email provided by the user at registration.344 * @return bool Returns true when the email address is banned.345 */346 function is_email_address_unsafe( $user_email ) {347 $banned_names = get_site_option( 'banned_email_domains' );348 if ( $banned_names && ! is_array( $banned_names ) )349 $banned_names = explode( "\n", $banned_names );350 351 $is_email_address_unsafe = false;352 353 if ( $banned_names && is_array( $banned_names ) ) {354 $banned_names = array_map( 'strtolower', $banned_names );355 $normalized_email = strtolower( $user_email );356 357 list( $email_local_part, $email_domain ) = explode( '@', $normalized_email );358 359 foreach ( $banned_names as $banned_domain ) {360 if ( ! $banned_domain )361 continue;362 363 if ( $email_domain == $banned_domain ) {364 $is_email_address_unsafe = true;365 break;366 }367 368 $dotted_domain = ".$banned_domain";369 if ( $dotted_domain === substr( $normalized_email, -strlen( $dotted_domain ) ) ) {370 $is_email_address_unsafe = true;371 break;372 }373 }374 }375 376 /**377 * Filter whether an email address is unsafe.378 *379 * @since 3.5.0380 *381 * @param bool $is_email_address_unsafe Whether the email address is "unsafe". Default false.382 * @param string $user_email User email address.383 */384 return apply_filters( 'is_email_address_unsafe', $is_email_address_unsafe, $user_email );385 }386 387 /**388 334 * Sanitize and validate data required for a user sign-up. 
389 335 * 390 336 * Verifies the validity and uniqueness of user names and user email addresses, … … function wpmu_validate_user_signup($user_name, $user_email) { 417 363 $user_name = $orig_username; 418 364 } 419 365 420 $user_email = sanitize_email( $user_email );421 422 366 if ( empty( $user_name ) ) 423 367 $errors->add('user_name', __( 'Please enter a username.' ) ); 424 368 … … function wpmu_validate_user_signup($user_name, $user_email) { 438 382 $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) ); 439 383 } 440 384 441 if ( is_email_address_unsafe( $user_email ) )442 $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));443 444 385 if ( strlen( $user_name ) < 4 ) 445 386 $errors->add('user_name', __( 'Username must be at least 4 characters.' ) ); 446 387 … … function wpmu_validate_user_signup($user_name, $user_email) { 452 393 if ( preg_match( '/^[0-9]*$/', $user_name ) ) 453 394 $errors->add('user_name', __('Sorry, usernames must have letters too!')); 454 395 455 if ( !is_email( $user_email ) ) 456 $errors->add('user_email', __( 'Please enter a valid email address.' ) ); 457 458 $limited_email_domains = get_site_option( 'limited_email_domains' ); 459 if ( is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) { 460 $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) ); 461 if ( ! 
in_array( $emaildomain, $limited_email_domains ) ) { 462 $errors->add('user_email', __('Sorry, that email address is not allowed!')); 396 // Check the email address 397 $is_email_valid = validate_user_email( $user_email ); 398 if ( true !== $is_email_valid ) { 399 foreach ( $is_email_valid as $email_error ) { 400 $errors->add( 'user_email', $email_error ); 463 401 } 464 402 } 465 403 … … function wpmu_validate_user_signup($user_name, $user_email) { 467 405 if ( username_exists($user_name) ) 468 406 $errors->add( 'user_name', __( 'Sorry, that username already exists!' ) ); 469 407 470 // Check if the email address has been used already.471 if ( email_exists($user_email) )472 $errors->add( 'user_email', __( 'Sorry, that email address is already used!' ) );473 474 408 // Has someone already signed up for this username? 475 409 $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) ); 476 410 if ( $signup != null ) { -
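Review bot: Dropping `$user_email = sanitize_email( $user_email );` from `wpmu_validate_user_signup()` means the checks now run on a sanitized copy inside `validate_user_email()` while this function keeps the raw value. The rest of the body lies outside the hunks, but anything there that stores or returns `$user_email` would no longer be handling the address that was validated; keeping that line ahead of the `validate_user_email()` call avoids the mismatch. The new `if ( true !== $is_email_valid )` / `foreach` pair also fails open: the result passes through the `validate_user_email` filter, and a callback returning `false` or another non-array value is treated as a failure but adds no error, so the signup proceeds. The same pattern appears in `register_new_user()` in user.php. A fallback before the loop, such as `if ( ! is_array( $is_email_valid ) ) { $is_email_valid = array( __( 'Please enter a valid email address.' ) ); }`, would close that.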
src/wp-includes/user.php
diff --git src/wp-includes/user.php src/wp-includes/user.php index 32b0ec7..095a31e 100644
function email_exists( $email ) { 1194 1194 } 1195 1195 1196 1196 /** 1197 * Checks an email address against a list of allowed domains. 1198 * 1199 * This function checks agains the Limited Email Domains list 1200 * at wp-admin/network/settings.php or wp-admin/options-general.php. 1201 * The check is only run on self-registrations. 1202 * User creation at wp-admin/network/users.php or wp-admin/user-new.php 1203 * bypasses this check. 1204 * 1205 * @since ?.? 1206 * 1207 * @param string $user_email The email provided by the user at registration 1208 * @return bool True when the email address is allowed, False otherwise. 1209 */ 1210 function is_email_address_allowed( $user_email ) { 1211 $is_allowed = true; 1212 $limited_email_domains = get_site_option( 'limited_email_domains' ); 1213 1214 if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) === false ) { 1215 $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) ); 1216 1217 if ( ! in_array( $emaildomain, $limited_email_domains ) ) { 1218 $is_allowed = false; 1219 } 1220 } 1221 1222 /** 1223 * Filter whether an email address is allowed. 1224 * 1225 * @since ?.? 1226 * 1227 * @param bool $is_allowed Whether the email address is allowed. Default True. 1228 * @param string $user_email User email address. 1229 */ 1230 return apply_filters( 'is_email_address_allowed', $is_allowed, $user_email ); 1231 } 1232 1233 /** 1234 * Checks an email address against a list of banned domains. 1235 * 1236 * This function checks against the Banned Email Domains list 1237 * at wp-admin/network/settings.php or wp-admin/options-general.php. 1238 * The check is only run on self-registrations inside. 1239 * User creation at wp-admin/network/users.php or wp-admin/user-new.php 1240 * bypasses this check. 1241 * 1242 * @since MU 1243 * 1244 * @param string $user_email The email provided by the user at registration. 1245 * @return bool Returns true when the email address is banned. 
1246 */ 1247 function is_email_address_unsafe( $user_email ) { 1248 $banned_names = get_site_option( 'banned_email_domains' ); 1249 if ( $banned_names && ! is_array( $banned_names ) ) { 1250 $banned_names = explode( "\n", $banned_names ); 1251 } 1252 1253 $is_email_address_unsafe = false; 1254 1255 if ( $banned_names && is_array( $banned_names ) ) { 1256 $banned_names = array_map( 'strtolower', $banned_names ); 1257 $normalized_email = strtolower( $user_email ); 1258 1259 list( $email_local_part, $email_domain ) = explode( '@', $normalized_email ); 1260 1261 foreach ( $banned_names as $banned_domain ) { 1262 if ( ! $banned_domain ) { 1263 continue; 1264 } 1265 1266 if ( $email_domain == $banned_domain ) { 1267 $is_email_address_unsafe = true; 1268 break; 1269 } 1270 1271 $dotted_domain = ".$banned_domain"; 1272 if ( $dotted_domain === substr( $normalized_email, -strlen( $dotted_domain ) ) ) { 1273 $is_email_address_unsafe = true; 1274 break; 1275 } 1276 } 1277 } 1278 1279 /** 1280 * Filter whether an email address is unsafe. 1281 * 1282 * @since 3.5.0 1283 * 1284 * @param bool $is_email_address_unsafe Whether the email address is "unsafe". Default false. 1285 * @param string $user_email User email address. 1286 */ 1287 return apply_filters( 'is_email_address_unsafe', $is_email_address_unsafe, $user_email ); 1288 } 1289 1290 /** 1291 * Check to see whether an email address is usable for new user registration 1292 * 1293 * This is a convenience function that wraps several disparate email validators 1294 * throughout WordPress: 1295 * - check that an email address is well-formed 1296 * - check that the email domain has not been banned by the admin 1297 * - check that the email domain is on the whitelist, if one exists 1298 * - check that the email address isn't already in use 1299 * 1300 * @since ?.? 
1301 * 1302 * @param string $user_email The email address to check 1303 * @return bool|array True if the email passes all checks; otherwise an array 1304 * of error message strings 1305 */ 1306 function validate_user_email( $user_email ) { 1307 $errors = array(); 1308 $is_email_valid = true; 1309 1310 $user_email = sanitize_email( $user_email ); 1311 1312 if ( ! is_email( $user_email ) ) { 1313 $errors['invalid'] = __( 'Please enter a valid email address.' ); 1314 1315 // Only perform the other checks on a valid email adress 1316 } else { 1317 if ( is_email_address_unsafe( $user_email ) ) { 1318 $errors['domain_banned'] = __( 'You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.' ); 1319 } 1320 1321 if ( ! is_email_address_allowed( $user_email ) ) { 1322 $errors['domain_not_allowed'] = __( 'Sorry, that email address is not allowed!' ); 1323 } 1324 1325 if ( email_exists( $user_email ) ) { 1326 $errors['in_use'] = __( 'Sorry, that email address is already used!' ); 1327 } 1328 } 1329 1330 if ( ! empty( $errors ) ) { 1331 $is_email_valid = $errors; 1332 } 1333 1334 return apply_filters( 'validate_user_email', $is_email_valid, $user_email ); 1335 } 1336 1337 /** 1197 1338 * Checks whether a username is valid. 1198 1339 * 1199 1340 * @since 2.0.1 … … function register_new_user( $user_login, $user_email ) { 2129 2270 // Check the email address 2130 2271 if ( $user_email == '' ) { 2131 2272 $errors->add( 'empty_email', __( '<strong>ERROR</strong>: Please type your email address.' ) ); 2132 } elseif ( ! is_email( $user_email ) ) { 2133 $errors->add( 'invalid_email', __( '<strong>ERROR</strong>: The email address isn’t correct.' ) ); 2134 $user_email = ''; 2135 } elseif ( email_exists( $user_email ) ) { 2136 $errors->add( 'email_exists', __( '<strong>ERROR</strong>: This email is already registered, please choose another one.' 
) ); 2273 } 2274 2275 $is_email_valid = validate_user_email( $user_email ); 2276 if ( true !== $is_email_valid ) { 2277 foreach ( $is_email_valid as $email_error ) { 2278 $errors->add( 'user_email', sprintf( __( '<strong>ERROR</strong>: %s' ), $email_error ) ); 2279 } 2137 2280 } 2138 2281 2139 2282 /**
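Review bot: `is_email_address_allowed()` enforces the allowlist only when the stored option is already an array, and it compares the domain case-sensitively with a loose `in_array()`. `is_email_address_unsafe()` just below it accepts the newline-separated string form and lowercases both sides. A string-valued option therefore disables the restriction silently, and `user@Example.com` is rejected against an `example.com` entry. Separately, in `register_new_user()` the `elseif` chain became an unconditional `validate_user_email()` call, so an empty address now collects both `empty_email` and the invalid-address message, and the former `invalid_email` and `email_exists` codes are replaced by `user_email`, which callers checking those codes would miss. The fence shows the allowlist normalisation only.

```php
function is_email_address_allowed( $user_email ) {
	$is_allowed            = true;
	$limited_email_domains = get_site_option( 'limited_email_domains' );

	// Accept the newline-separated string form too, as is_email_address_unsafe() does.
	if ( $limited_email_domains && ! is_array( $limited_email_domains ) ) {
		$limited_email_domains = explode( "\n", $limited_email_domains );
	}

	if ( is_array( $limited_email_domains ) ) {
		$limited_email_domains = array_filter( array_map( 'trim', array_map( 'strtolower', $limited_email_domains ) ) );
	}

	// Only enforce when at least one usable entry remains after normalisation.
	if ( ! empty( $limited_email_domains ) ) {
		$at_position = strrpos( $user_email, '@' );
		$emaildomain = false === $at_position ? '' : strtolower( substr( $user_email, $at_position + 1 ) );

		if ( ! in_array( $emaildomain, $limited_email_domains, true ) ) {
			$is_allowed = false;
		}
	}

	// … unchanged: filter docblock and apply_filters( 'is_email_address_allowed', … ) return …
```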