Ticket #21730: 21730.patch

wp-includes/ms-functions.php

@@ -361 +361 @@
 // Admin functions
 
 /**
+ * Checks an email address against a list of allowed domains.
+ *
+ * This function checks agains the Limited Email Domains list
+ * at wp-admin/network/settings.php. The check is only run on
+ * self-registrations; user creation at wp-admin/network/users.php
+ * bypasses this check.
+ *
+ * @since 3.5
+ *
+ * @param string $user_email The email provided by the user at registration
+ * @return bool Returnsn true when the email address is allowed
+ */
+function is_email_address_allowed( $user_email ) {
+        $is_allowed = true;
+        $limited_email_domains = get_site_option( 'limited_email_domains' );
+        if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
+                $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
+                if ( ! in_array( $emaildomain, $limited_email_domains ) ) {
+                        $is_allowed = false;
+                }
+        }
+
+        return apply_filters( 'is_email_address_allowed', $is_allowed );
+}
+
+/**
  * Checks an email address against a list of banned domains.
  *
  * This function checks against the Banned Email Domains list
@@ -374 +400 @@
  * @return bool Returns true when the email address is banned.
  */
 function is_email_address_unsafe( $user_email ) {
+        $is_unsafe = false;
         $banned_names = get_site_option( 'banned_email_domains' );
         if ($banned_names && !is_array( $banned_names ))
                 $banned_names = explode( "\n", $banned_names);
@@ -390 +417 @@
                                         preg_match( $banned_domain, $email_domain )
                                 )
                         )
-                        return true;
+                                $is_unsafe = true;
                 }
         }
-        return false;
+
+        return apply_filters( 'is_email_address_unsafe', $is_unsafe, $user_email );
 }
 
 /**
+ * Check to see whether an email address is usable for a WP user account
+ *
+ * This is a convenience function that wraps several disparate email validators
+ * throughout WordPress:
+ *   - check that an email address is well-formed
+ *   - check that the email domain has not been banned by the admin
+ *   - check that the email domain is on the whitelist, if one exists
+ *   - check that the email address isn't already in use
+ *
+ * @since 1.7
+ * @uses is_email()
+ * @uses is_email_address_unsafe()
+ * @uses is_email_address_allowed()
+ * @uses email_exists()
+ *
+ * @param string $user_email The email address to check
+ * @return bool|array True if the email passes all checks; otherwise an array
+ *   of error codes
+ */
+function wp_validate_email_address( $user_email ) {
+        $errors = array();
+
+        $user_email = sanitize_email( $user_email );
+
+        if ( ! is_email( $user_email ) )
+                $errors['invalid'] = 1;
+
+        if ( is_email_address_unsafe( $user_email ) )
+                $errors['domain_banned'] = 1;
+
+        if ( ! is_email_address_allowed( $user_email ) )
+                $errors['domain_not_allowed'] = 1;
+
+        if ( email_exists( $user_email ) )
+                $errors['in_use'] = 1;
+
+        $retval = ! empty( $errors ) ? $errors : true;
+
+        return apply_filters( 'wp_validate_email_address', $retval, $user_email );
+}
+/**
  * Processes new user registrations.
  *
  * Checks the data provided by the user during signup. Verifies
@@ -433 +502 @@
                 $user_name = $orig_username;
         }
 
-        $user_email = sanitize_email( $user_email );
-
         if ( empty( $user_name ) )
                 $errors->add('user_name', __( 'Please enter a username.' ) );
 
@@ -446 +513 @@
         if ( in_array( $user_name, $illegal_names ) == true )
                 $errors->add('user_name',  __( 'That username is not allowed.' ) );
 
-        if ( is_email_address_unsafe( $user_email ) )
-                $errors->add('user_email',  __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));
-
         if ( strlen( $user_name ) < 4 )
                 $errors->add('user_name',  __( 'Username must be at least 4 characters.' ) );
 
         if ( strpos( ' ' . $user_name, '_' ) != false )
                 $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character &#8220;_&#8221;!' ) );
 
+        // Check if the username has been used already.
+        if ( username_exists($user_name) )
+                $errors->add('user_name', __('Sorry, that username already exists!'));
+
         // all numeric?
         $match = array();
         preg_match( '/[0-9]*/', $user_name, $match );
         if ( $match[0] == $user_name )
                 $errors->add('user_name', __('Sorry, usernames must have letters too!'));
 
-        if ( !is_email( $user_email ) )
-                $errors->add('user_email', __( 'Please enter a correct email address.' ) );
+        $email_check = wp_validate_email_address( $user_email );
 
-        $limited_email_domains = get_site_option( 'limited_email_domains' );
-        if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
-                $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
-                if ( in_array( $emaildomain, $limited_email_domains ) == false )
+        if ( true !== $email_check ) {
+                if ( isset( $email_check['invalid'] ) )
+                        $errors->add('user_email', __( 'Please enter a correct email address.' ) );
+
+                if ( isset( $email_check['domain_banned'] ) )
+                        $errors->add('user_email',  __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));
+
+                if ( isset( $email_check['domain_not_allowed'] ) )
                         $errors->add('user_email', __('Sorry, that email address is not allowed!'));
+
+                if ( isset( $email_check['in_use'] ) )
+                        $errors->add('user_email', __('Sorry, that email address is already used!'));
         }
 
-        // Check if the username has been used already.
-        if ( username_exists($user_name) )
-                $errors->add('user_name', __('Sorry, that username already exists!'));
-
-        // Check if the email address has been used already.
-        if ( email_exists($user_email) )
-                $errors->add('user_email', __('Sorry, that email address is already used!'));
-
         // Has someone already signed up for this username?
         $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) );
         if ( $signup != null ) {