WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 5 years ago

#17890 closed defect (bug) (fixed)

"Add New Site" screen reports invalid email addresses as missing

Reported by: kawauso Owned by: jeremyfelt
Milestone: 4.1 Priority: low
Severity: normal Version: 3.1.3
Component: Networks and Sites Keywords: has-patch commit 3.9-early
Focuses: multisite, administration Cc:
PR Number:

Description

The new site user's email is passed through sanitize_email() and the screen dies with 'Missing email address.' if it's empty().

sanitize_email() returns an empty string (subject to filtering) on invalid email addresses however, so the following is_email() check for invalid email addresses is never even reached.

Steps to reproduce:

  1. Add a new site with an email address such as foo@bar

Attachments (3)

17890.diff (854 bytes) - added by kawauso 8 years ago.
No is_email(), move sanitize_email() later
17890.2.diff (996 bytes) - added by jeremyfelt 6 years ago.
17890.3.diff (1.0 KB) - added by jeremyfelt 5 years ago.

Download all attachments as: .zip

Change History (11)

@kawauso
8 years ago

No is_email(), move sanitize_email() later

#1 @kawauso
8 years ago

  • Keywords has-patch added

Patch moves sanitize_email() call after if checking email is empty. Also removes is_email() call since it performs much the same checks.

@jeremyfelt
6 years ago

#2 @jeremyfelt
6 years ago

  • Milestone changed from Awaiting Review to Future Release
  • Priority changed from normal to low

Confirmed behavior. This is a pretty strange error message to toss up when an invalid email is entered.

17890.2.diff continues to use is_email(), as there is just enough difference in functionality and we should continue to respect the filters that may be extending that. The sanitize_email() use is moved down a bit after we check for a completely missing email address.

#3 @SergeyBiryukov
6 years ago

  • Keywords commit 3.9-early added

#4 @nacin
6 years ago

  • Component changed from Network Admin to Networks and Sites
  • Focuses administration added

#5 @jeremyfelt
5 years ago

  • Milestone changed from Future Release to 4.1

@jeremyfelt
5 years ago

#6 @jeremyfelt
5 years ago

17890.3.diff updates the previous patch to use isset() and a string comparison rather than empty.

Now:

  • foo@bar = invalid email address
  • = missing email address
  • 0 = invalid email address
  • foo@bar.org = ok

This ticket was mentioned in IRC in #wordpress-dev by jeremyfelt. View the logs.


5 years ago

#8 @jeremyfelt
5 years ago

  • Owner set to jeremyfelt
  • Resolution set to fixed
  • Status changed from new to closed

In 29877:

Differentiate between invalid and missing admin emails when adding a new site

Check the emptiness of the admin email before using sanitize_email() and is_email() to determine if the address is valid.

Fixes #17890

Note: See TracTickets for help on using tickets.