Make WordPress Core


Ignore:
Timestamp:
05/09/2017 04:32:53 PM (7 years ago)
Author:
jeremyfelt
Message:

Multisite: Validate email before checking against banned domains.

Previously, an invalid email could result in an undefined index when attempting to determine the email domain.

Props ocean90.
See #39915.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/ms-functions.php

    r40593 r40594  
    443443    }
    444444
    445     if ( is_email_address_unsafe( $user_email ) )
    446         $errors->add('user_email',  __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));
     445    if ( ! is_email( $user_email ) ) {
     446        $errors->add( 'user_email', __( 'Please enter a valid email address.' ) );
     447    } elseif ( is_email_address_unsafe( $user_email ) ) {
     448        $errors->add( 'user_email', __( 'You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.' ) );
     449    }
    447450
    448451    if ( strlen( $user_name ) < 4 )
     
    456459    if ( preg_match( '/^[0-9]*$/', $user_name ) )
    457460        $errors->add('user_name', __('Sorry, usernames must have letters too!'));
    458 
    459     if ( !is_email( $user_email ) )
    460         $errors->add('user_email', __( 'Please enter a valid email address.' ) );
    461461
    462462    $limited_email_domains = get_site_option( 'limited_email_domains' );
Note: See TracChangeset for help on using the changeset viewer.