Changeset 49271 for trunk/src/wp-includes/class-wp-xmlrpc-server.php

Timestamp:

10/22/2020 02:40:06 AM (4 years ago)

Author:

peterwilsoncc

Message:

XML-RPC: Fix length validation of anonymous commenter's email address.

Fix the first step of validating an anonymous commenters in which the length is checked prior to running regular expressions.

Follow up to [47808].
Fixes #51595.

File:

• trunk/src/wp-includes/class-wp-xmlrpc-server.php (modified) (1 diff)

trunk/src/wp-includes/class-wp-xmlrpc-server.php

@@ -3914 +3914 @@
 
             if ( get_option( 'require_name_email' ) ) {
-                if ( strlen( $comment['comment_author_email'] < 6 ) || '' === $comment['comment_author'] ) {
+                if ( strlen( $comment['comment_author_email'] ) < 6 || '' === $comment['comment_author'] ) {
                     return new IXR_Error( 403, __( 'Comment author name and email are required.' ) );
                 } elseif ( ! is_email( $comment['comment_author_email'] ) ) {