
Ticket #44191: #44191.patch

File #44191.patch, 3.7 KB (added by arena, 20 months ago)

proposed patch for a total review of is_email code

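--- a/formatting.php
+++ b/formatting.php
@@ -3198,8 +3198,12 @@
 /**
  * Verifies that an email is valid.
  *
- * Does not grok i18n domains. Not RFC compliant.
+ *   rfc822 - Standard for the Format of ARPA Internet Text Messages
  *
+ *     This validates e-mail addresses against the syntax in RFC 822,
+ *     with the exceptions that comments and whitespace folding
+ *     and dotless domain names are not supported. (php.net)
+ *
  * @since 0.71
  *
  * @param string $email      Email address to verify.
@@ -3211,77 +3215,12 @@
                 _deprecated_argument( __FUNCTION__, '3.0.0' );
         }
 
-        // Test for the minimum length the email can be
-        if ( strlen( $email ) < 6 ) {
-                /**
-                 * Filters whether an email address is valid.
-                 *
-                 * This filter is evaluated under several different contexts, such as 'email_too_short',
-                 * 'email_no_at', 'local_invalid_chars', 'domain_period_sequence', 'domain_period_limits',
-                 * 'domain_no_periods', 'sub_hyphen_limits', 'sub_invalid_chars', or no specific context.
-                 *
-                 * @since 2.8.0
-                 *
-                 * @param bool   $is_email Whether the email address has passed the is_email() checks. Default false.
-                 * @param string $email    The email address being checked.
-                 * @param string $context  Context under which the email was tested.
-                 */
-                return apply_filters( 'is_email', false, $email, 'email_too_short' );
-        }
+        $is_email = filter_var( $email, FILTER_VALIDATE_EMAIL );
 
-        // Test for an @ character after the first position
-        if ( strpos( $email, '@', 1 ) === false ) {
-                /** This filter is documented in wp-includes/formatting.php */
-                return apply_filters( 'is_email', false, $email, 'email_no_at' );
+        if ( !$is_email ) {
+                return apply_filters( 'is_email', false, $email, 'RFC822' );
         }
 
-        // Split out the local and domain parts
-        list( $local, $domain ) = explode( '@', $email, 2 );
-
-        // LOCAL PART
-        // Test for invalid characters
-        if ( ! preg_match( '/^[a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]+$/', $local ) ) {
-                /** This filter is documented in wp-includes/formatting.php */
-                return apply_filters( 'is_email', false, $email, 'local_invalid_chars' );
-        }
-
-        // DOMAIN PART
-        // Test for sequences of periods
-        if ( preg_match( '/\.{2,}/', $domain ) ) {
-                /** This filter is documented in wp-includes/formatting.php */
-                return apply_filters( 'is_email', false, $email, 'domain_period_sequence' );
-        }
-
-        // Test for leading and trailing periods and whitespace
-        if ( trim( $domain, " \t\n\r\0\x0B." ) !== $domain ) {
-                /** This filter is documented in wp-includes/formatting.php */
-                return apply_filters( 'is_email', false, $email, 'domain_period_limits' );
-        }
-
-        // Split the domain into subs
-        $subs = explode( '.', $domain );
-
-        // Assume the domain will have at least two subs
-        if ( 2 > count( $subs ) ) {
-                /** This filter is documented in wp-includes/formatting.php */
-                return apply_filters( 'is_email', false, $email, 'domain_no_periods' );
-        }
-
-        // Loop through each sub
-        foreach ( $subs as $sub ) {
-                // Test for leading and trailing hyphens and whitespace
-                if ( trim( $sub, " \t\n\r\0\x0B-" ) !== $sub ) {
-                        /** This filter is documented in wp-includes/formatting.php */
-                        return apply_filters( 'is_email', false, $email, 'sub_hyphen_limits' );
-                }
-
-                // Test for invalid characters
-                if ( ! preg_match( '/^[a-z0-9-]+$/i', $sub ) ) {
-                        /** This filter is documented in wp-includes/formatting.php */
-                        return apply_filters( 'is_email', false, $email, 'sub_invalid_chars' );
-                }
-        }
-
         // Congratulations your email made it!
         /** This filter is documented in wp-includes/formatting.php */
         return apply_filters( 'is_email', $email, $email, null );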
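Review bot: The `filter_var( $email, FILTER_VALIDATE_EMAIL )` test at new line 3218 replaces the explicit local-part character allowlist, the per-label domain checks and the six-character minimum, so is_email() may now return addresses the old code rejected; the new docblock itself describes RFC 822 syntax, which is wider than the removed `local_invalid_chars` and `sub_invalid_chars` patterns. Callers that put the returned address into mail headers or markup on the strength of the old allowlist should be audited before this lands, or the allowlist check kept after the filter_var() test. Every failure now reports the single context `'RFC822'`, so `is_email` filter callbacks keyed on `'email_no_at'`, `'local_invalid_chars'` and the other removed contexts stop matching, and the full filter docblock at old lines 3216–3228 is deleted while the remaining `/** This filter is documented in wp-includes/formatting.php */` still refers to it. I would keep that docblock above the first `apply_filters()` call and write the guard as `if ( false === $is_email ) {`. The function signature and closing brace lie outside both hunks.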