Opened 14 years ago
Last modified 7 years ago
#17433 new defect (bug)
localhost is not accepted as email domain
Reported by: | sanvila | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 3.2 |
Component: | Formatting | Keywords: | has-patch is-email |
Focuses: | Cc: |
Description (last modified by )
Hi. Tried to install WordPress on a Debian machine not connected to Internet, only for testing purposes, so when the setup procedure asked me for an email address, I used mylogin@localhost. The setup procedure, however, rejected this as "invalid".
I think the bug is exactly in wp-includes/formatting.php, where it says:
// Assume the domain will have at least two subs if ( 2 > count( $subs ) ) { return apply_filters( 'is_email', false, $email, 'domain_no_periods' ); }
So: Could you please special-case "localhost" in is_email() so that it's allowed as email domain?
I guess the probability of someone using @localhost for email "by mistake" is extremely low, so this change will unlikely harm the average user.
Thanks.
Attachments (4)
Change History (21)
#2
@
14 years ago
There are several reasons:
a) localhost
is shorter and I expected it to work.
b) My MTA is usually not configured to accept mail for localhost.localdomain
. I have never had a need for that in 15 years.
What's the problem with supporting localhost
since it's correct?
BTW: The default value for DB_HOST in wp-config-sample.php
is localhost
. It would be somewhat contradictory that localhost
is not even accepted for email!
#3
@
14 years ago
- Cc info@… added
PHP 5.2 is now a requirement, so we should use the filter functions which allow me@localhost
. See the plugin Extend Email Checks for an example.
#5
follow-up:
↓ 6
@
13 years ago
- Cc kurtpayne added
- Keywords has-patch added; needs-patch removed
This patch will allow dotless e-mail domains as long as the server can resolve the domain via a DNS lookup. It should allow "localhost" and other development domains, but prevent "fakedomain" (unless fakedomain resolves on your network).
If DNS times out on an invalid dotless domain, there may be a delay of up to 2 seconds. This should be encountered rarely, but, due to the stacking of sanitize_email() and is_email() may be encountered twice in a row.
Thoughts about this approach?
#6
in reply to:
↑ 5
@
13 years ago
Replying to kurtpayne:
This patch will allow dotless e-mail domains as long as the server can resolve the domain via a DNS lookup. It should allow "localhost" and other development domains, but prevent "fakedomain" (unless fakedomain resolves on your network).
If DNS times out on an invalid dotless domain, there may be a delay of up to 2 seconds. This should be encountered rarely, but, due to the stacking of sanitize_email() and is_email() may be encountered twice in a row.
Thoughts about this approach?
We don't want to add dns lookups to every call to is_email as it could slow down a site unnecessary and lead to other issues.
In general we should probably consider moving all of our validation filtering like this to use the filter_var stuff in PHP 5.2 now it is available to us.
#7
@
13 years ago
@westi I was ready to disagree and defend "user@localhost" as a valid address, but I dug into this a bit more and found this post on stackoverflow.com which changed my mind. The php developers who wrote the e-mail filter don't allow short domains because only FQDNs are allowed in SMTP servers according to RFC 5321.
Submitting patch 17433-2.diff to switch to email code to filter_var() as you and @toscho suggested.
#9
@
11 years ago
- Keywords needs-unit-tests added
- Milestone changed from Awaiting Review to Future Release
Switching to filter_var() is a major design decision. We can move faster than PHP versions; filter_var() has had a lot of bugs over the years that don't get fixed until later versions of PHP if at all; etc. We need to study this carefully. And, yes, OMG it needs unit tests, and lots of them. The worst thing that we could do moving to filter_var() is regressing in other areas, as unlikely it may be here.
Simply whitelisting 'localhost' seems like a good in-the-meantime solution.
#11
@
10 years ago
What RFC or specification is being followed for email addresses? We could probably agree on some rules and add 50 more tests to the formatting phpunit group of is_email validations, and start from there with any refactoring.
Another good question is whether any framework or CMS out there is doing it better, so that we could get some inspiration from there?
This ticket was mentioned in IRC in #wordpress-dev by SergeyBiryukov. View the logs.
10 years ago
#13
@
10 years ago
I've added patch 17433-3.diff, which whitelists localhost as suggested above by Nacin.
This modifies is_email()
(as listed in the original description) and sanitize_email()
, which was also had to be modified.
#14
@
10 years ago
I think we can remove the following check from sanitize_email()
// Assume the domain will have at least two subs, whitelist localhost if ( 2 > count( $subs ) && 'localhost' !== strtolower( $domain ) ) { /** This filter is documented in wp-includes/formatting.php */ return apply_filters( 'sanitize_email', '', $email, 'domain_no_periods' ); }
because it is redundant with this check later in the function
// If there aren't 2 or more valid subs, whitelist localhost if ( 2 > count( $new_subs ) && 'localhost' !== strtolower( $domain ) ) { /** This filter is documented in wp-includes/formatting.php */ return apply_filters( 'sanitize_email', '', $email, 'domain_no_valid_subs' ); }
I've updated this patch with 17433-4.diff
Why not just use email@… ? That should work without issue.