Changeset 40594


Timestamp:
05/09/2017 04:32:53 PM (2 years ago)
Author:
jeremyfelt
Message:

Multisite: Validate email before checking against banned domains.

Previously, an invalid email could result in an undefined index when attempting to determine the email domain.

Props ocean90.
See #39915.

Location:
trunk
Files:
2 edited

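--- a/trunk/src/wp-includes/ms-functions.php
+++ b/trunk/src/wp-includes/ms-functions.php
@@ -443,6 +443,9 @@
     }
 
-    if ( is_email_address_unsafe( $user_email ) )
-        $errors->add('user_email',  __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));
+    if ( ! is_email( $user_email ) ) {
+        $errors->add( 'user_email', __( 'Please enter a valid email address.' ) );
+    } elseif ( is_email_address_unsafe( $user_email ) ) {
+        $errors->add( 'user_email', __( 'You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.' ) );
+    }
 
     if ( strlen( $user_name ) < 4 )
@@ -456,7 +459,4 @@
     if ( preg_match( '/^[0-9]*$/', $user_name ) )
         $errors->add('user_name', __('Sorry, usernames must have letters too!'));
-
-    if ( !is_email( $user_email ) )
-        $errors->add('user_email', __( 'Please enter a valid email address.' ) );
 
     $limited_email_domains = get_site_option( 'limited_email_domains' );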
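Review bot: The format check protects the banned-domain check only at this call site (new lines 445–449); any other caller that passes `is_email_address_unsafe()` an address without an `@` would presumably still hit the undefined index described in the commit message, since that function's body is not part of this change. Consider having `is_email_address_unsafe()` itself treat an address it cannot parse as unsafe, so the blocklist fails closed regardless of caller. The ordering here is now load-bearing and deserves a comment above the `if`, for example `// Validate the format first: the banned-domain check assumes a well-formed address.` The body of wpmu_validate_user_signup() starts and ends outside the hunks shown.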
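--- a/trunk/tests/phpunit/tests/multisite/wpmuValidateUserSignup.php
+++ b/trunk/tests/phpunit/tests/multisite/wpmuValidateUserSignup.php
@@ -123,4 +123,39 @@
     }
 
+    public function test_invalid_email_address_with_no_banned_domains_results_in_error() {
+        $valid = wpmu_validate_user_signup( 'validusername', 'invalid-email' );
+
+        $this->assertContains( 'user_email', $valid['errors']->get_error_codes() );
+    }
+
+    public function test_invalid_email_address_with_banned_domains_results_in_error() {
+        update_site_option( 'banned_email_domains', "bar.com" );
+        $valid = wpmu_validate_user_signup( 'validusername', 'invalid-email' );
+        delete_site_option( 'banned_email_domains' );
+
+        $this->assertContains( 'user_email', $valid['errors']->get_error_codes() );
+    }
+
+    public function test_incomplete_email_address_with_no_banned_domains_results_in_error() {
+        $valid = wpmu_validate_user_signup( 'validusername', 'incomplete@email' );
+
+        $this->assertContains( 'user_email', $valid['errors']->get_error_codes() );
+    }
+
+    public function test_valid_email_address_matching_banned_domain_results_in_error() {
+        update_site_option( 'banned_email_domains', "bar.com" );
+        $valid = wpmu_validate_user_signup( 'validusername', 'email@bar.com' );
+        delete_site_option( 'banned_email_domains' );
+
+        $this->assertContains( 'user_email', $valid['errors']->get_error_codes() );
+    }
+
+    public function test_valid_email_address_not_matching_banned_domain_returns_in_success() {
+        update_site_option( 'banned_email_domains', "bar.com" );
+        $valid = wpmu_validate_user_signup( 'validusername', 'email@example.com' );
+        delete_site_option( 'banned_email_domains' );
+
+        $this->assertNotContains( 'user_email', $valid['errors']->get_error_codes() );
+    }
 }
 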
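Review bot: `test_valid_email_address_matching_banned_domain_results_in_error` asserts only that the code `user_email` is present, and the format error and the banned-domain error share that code, so the test would still pass if `email@bar.com` were rejected for the wrong reason. Comparing `$valid['errors']->get_error_message( 'user_email' )` with the expected message, in that test and in the invalid-address tests, would pin down which branch fired. The three tests that set `banned_email_domains` delete the option only after the call returns; whether the suite restores site options when the call fails is not visible here. The enclosing test class starts outside the hunk.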