Opened 14 years ago
Last modified 5 years ago
#14767 new defect (bug)
wp_create_user() does not check for a valid email address
| Reported by: | mrwiblog | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.0 |
| Component: | Users | Keywords: | has-patch |
| Focuses: | | Cc: | |
Description
When creating a new user, an invalid email address (for example user@) will result in a zero-length string in the email field of the users table. If another new user is subsequently created with another invalid email address, the error returned is "This email address is already registered."
It would be better for wp_create_user() to check if a valid email address has been given and return a more descriptive error. I attach a patch file for wp-includes/registration.php to include this functionality.
Attachments (1)
Change History (10)
#1 (14 years ago)
- Milestone changed from Awaiting Review to 3.1
This reminds me of a ticket or two. Not sure if there are any duplicates though.
#4 in reply to: ↑ 3; follow-up: ↓ 5 (14 years ago)
Replying to nacin:
> We should make email addresses required and enforce uniqueness.

I think we should consider doing the opposite: making email addresses just another user datum, like URL. The current system, which de facto requires email addresses, makes it tricky to implement authorization or authentication protocols such as OAuth or OpenID that don't necessarily get you a user's email address.
Aside from emailing password resets (which is not needed for sites accepting those protocols), there's not much reason for core WP to require email addresses.
#5 in reply to: ↑ 4 (14 years ago)
Replying to filosofo:
> Replying to nacin:
>> We should make email addresses required and enforce uniqueness.
>
> I think we should consider doing the opposite: making email addresses just another user datum, like URL. The current system, which de facto requires email addresses, makes it tricky to implement authorization or authentication protocols such as OAuth or OpenID that don't necessarily get you a user's email address.
>
> Aside from emailing password resets (which is not needed for sites accepting those protocols), there's not much reason for core WP to require email addresses.

I agree with Filosofo. This seems to be more of an issue with email_exists() not being able to cope with being passed an empty string, which is the default behavior of some of the functions which rely upon it. If email_exists() is passed an empty string, perhaps it should automatically return false without searching the users table.
Patch for wp-includes/registration.php
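
The failure mode from the description and the two fixes discussed in the thread, as an added example that is not part of the ticket, the attached patch, or WordPress core. It is a self-contained PHP model with an in-memory users table; the `model_*` function names, the sanitizing step, and the sample addresses are assumptions made for illustration.

```php
<?php
// Added illustration: a simplified in-memory model, not WordPress core code.
// All model_* names are hypothetical; the sample addresses are constructed.

$users = []; // stands in for the users table: login => email

// Assumption: an address that fails validation is stored as '' (the
// zero-length string the ticket describes).
function model_sanitize_email(string $email): string {
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false ? $email : '';
}

// $skip_empty = true models the suggestion from comment #5: an empty
// string never counts as an existing address.
function model_email_exists(array $users, string $email, bool $skip_empty): bool {
    if ($skip_empty && $email === '') {
        return false;
    }
    return in_array($email, $users, true);
}

// $validate = true models the fix requested in the description: reject an
// invalid address up front with a descriptive error.
function model_create_user(array &$users, string $login, string $email,
                           bool $validate, bool $skip_empty = false): string {
    if ($validate && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'error: invalid email address';
    }
    $clean = model_sanitize_email($email);
    if (model_email_exists($users, $clean, $skip_empty)) {
        return 'error: This email address is already registered.';
    }
    $users[$login] = $clean;
    return 'created';
}

// Behaviour reported in the ticket: the second invalid address collides on ''.
echo model_create_user($users, 'alice', 'user@', false), "\n";
echo model_create_user($users, 'bob', 'other@', false), "\n";

// Validation up front: descriptive error, nothing stored.
$users = [];
echo model_create_user($users, 'alice', 'user@', true), "\n";

// Empty-string short-circuit only: both users are created, each with ''.
$users = [];
echo model_create_user($users, 'alice', 'user@', false, true), "\n";
echo model_create_user($users, 'bob', 'other@', false, true), "\n";
```

The two fixes have different outcomes in this model: up-front validation keeps malformed addresses out of the table, while the empty-string short-circuit alone still stores accounts with no usable address.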