Index: wp-includes/ms-functions.php =================================================================== --- wp-includes/ms-functions.php (revision 21655) +++ wp-includes/ms-functions.php (working copy) @@ -361,6 +361,32 @@ // Admin functions /** + * Checks an email address against a list of allowed domains. + * + * This function checks agains the Limited Email Domains list + * at wp-admin/network/settings.php. The check is only run on + * self-registrations; user creation at wp-admin/network/users.php + * bypasses this check. + * + * @since 3.5 + * + * @param string $user_email The email provided by the user at registration + * @return bool Returnsn true when the email address is allowed + */ +function is_email_address_allowed( $user_email ) { + $is_allowed = true; + $limited_email_domains = get_site_option( 'limited_email_domains' ); + if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) { + $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) ); + if ( ! in_array( $emaildomain, $limited_email_domains ) ) { + $is_allowed = false; + } + } + + return apply_filters( 'is_email_address_allowed', $is_allowed ); +} + +/** * Checks an email address against a list of banned domains. * * This function checks against the Banned Email Domains list @@ -374,6 +400,7 @@ * @return bool Returns true when the email address is banned. */ function is_email_address_unsafe( $user_email ) { + $is_unsafe = false; $banned_names = get_site_option( 'banned_email_domains' ); if ($banned_names && !is_array( $banned_names )) $banned_names = explode( "\n", $banned_names); @@ -390,13 +417,55 @@ preg_match( $banned_domain, $email_domain ) ) ) - return true; + $is_unsafe = true; } } - return false; + + return apply_filters( 'is_email_address_unsafe', $is_unsafe, $user_email ); } /** + * Check to see whether an email address is usable for a WP user account + * + * This is a convenience function that wraps several disparate email validators + * throughout WordPress: + * - check that an email address is well-formed + * - check that the email domain has not been banned by the admin + * - check that the email domain is on the whitelist, if one exists + * - check that the email address isn't already in use + * + * @since 1.7 + * @uses is_email() + * @uses is_email_address_unsafe() + * @uses is_email_address_allowed() + * @uses email_exists() + * + * @param string $user_email The email address to check + * @return bool|array True if the email passes all checks; otherwise an array + * of error codes + */ +function wp_validate_email_address( $user_email ) { + $errors = array(); + + $user_email = sanitize_email( $user_email ); + + if ( ! is_email( $user_email ) ) + $errors['invalid'] = 1; + + if ( is_email_address_unsafe( $user_email ) ) + $errors['domain_banned'] = 1; + + if ( ! is_email_address_allowed( $user_email ) ) + $errors['domain_not_allowed'] = 1; + + if ( email_exists( $user_email ) ) + $errors['in_use'] = 1; + + $retval = ! empty( $errors ) ? $errors : true; + + return apply_filters( 'wp_validate_email_address', $retval, $user_email ); +} +/** * Processes new user registrations. * * Checks the data provided by the user during signup. Verifies @@ -433,8 +502,6 @@ $user_name = $orig_username; } - $user_email = sanitize_email( $user_email ); - if ( empty( $user_name ) ) $errors->add('user_name', __( 'Please enter a username.' ) ); @@ -446,39 +513,38 @@ if ( in_array( $user_name, $illegal_names ) == true ) $errors->add('user_name', __( 'That username is not allowed.' ) ); - if ( is_email_address_unsafe( $user_email ) ) - $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.')); - if ( strlen( $user_name ) < 4 ) $errors->add('user_name', __( 'Username must be at least 4 characters.' ) ); if ( strpos( ' ' . $user_name, '_' ) != false ) $errors->add( 'user_name', __( 'Sorry, usernames may not contain the character “_”!' ) ); + // Check if the username has been used already. + if ( username_exists($user_name) ) + $errors->add('user_name', __('Sorry, that username already exists!')); + // all numeric? $match = array(); preg_match( '/[0-9]*/', $user_name, $match ); if ( $match[0] == $user_name ) $errors->add('user_name', __('Sorry, usernames must have letters too!')); - if ( !is_email( $user_email ) ) - $errors->add('user_email', __( 'Please enter a correct email address.' ) ); + $email_check = wp_validate_email_address( $user_email ); - $limited_email_domains = get_site_option( 'limited_email_domains' ); - if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) { - $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) ); - if ( in_array( $emaildomain, $limited_email_domains ) == false ) + if ( true !== $email_check ) { + if ( isset( $email_check['invalid'] ) ) + $errors->add('user_email', __( 'Please enter a correct email address.' ) ); + + if ( isset( $email_check['domain_banned'] ) ) + $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.')); + + if ( isset( $email_check['domain_not_allowed'] ) ) $errors->add('user_email', __('Sorry, that email address is not allowed!')); + + if ( isset( $email_check['in_use'] ) ) + $errors->add('user_email', __('Sorry, that email address is already used!')); } - // Check if the username has been used already. - if ( username_exists($user_name) ) - $errors->add('user_name', __('Sorry, that username already exists!')); - - // Check if the email address has been used already. - if ( email_exists($user_email) ) - $errors->add('user_email', __('Sorry, that email address is already used!')); - // Has someone already signed up for this username? $signup = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->signups WHERE user_login = %s", $user_name) ); if ( $signup != null ) {