

Timestamp:
05/09/2017 04:54:52 PM (8 years ago)
Author:
jeremyfelt
Message:

Multisite: Check only valid looking emails against banned domain list.

If an email address is missing an @, we can't assume enough to check it against a list of domain names.

Additional validation of email should happen in is_email() before being passed to is_email_address_unsafe().

Fixes #39915.

File:
1 edited

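--- a/trunk/tests/phpunit/tests/multisite/isEmailAddressUnsafe.php
+++ b/trunk/tests/phpunit/tests/multisite/isEmailAddressUnsafe.php
@@ -121,4 +121,20 @@
         );
     }
+
+    public function test_email_with_only_top_level_domain_returns_safe() {
+        update_site_option( 'banned_email_domains', 'bar.com' );
+        $safe = is_email_address_unsafe( 'email@localhost' );
+        delete_site_option( 'banned_email_domains' );
+
+        $this->assertFalse( $safe );
+    }
+
+    public function test_invalid_email_without_domain_returns_safe() {
+        update_site_option( 'banned_email_domains', 'bar.com' );
+        $safe = is_email_address_unsafe( 'invalid-email' );
+        delete_site_option( 'bar.com' );
+
+        $this->assertFalse( $safe );
+    }
 }
 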
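Review bot: The cleanup in `test_invalid_email_without_domain_returns_safe` calls `delete_site_option( 'bar.com' )`, which names the banned domain rather than the option key, so `banned_email_domains` is not removed by this test and may leak into tests that run afterwards; it should read `delete_site_option( 'banned_email_domains' );` as in the test above it. In both new tests the return value of `is_email_address_unsafe()` is stored in `$safe`, which reads inverted next to `assertFalse`; `$unsafe` would match what the function reports. Because these tests pin that a string without `@` is not checked against the banned-domain list, a comment such as `// Malformed addresses must be rejected by is_email(); the banned-domain check does not cover them.` would keep that reliance visible to callers. The enclosing test class begins outside this section.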