Opened 13 years ago
Closed 13 years ago
#19614 closed enhancement (fixed)
get_avatar should ignore whitespace in email addresses
Reported by: | evansolomon | Owned by: | nacin |
---|---|---|---|
Milestone: | 3.4 | Priority: | normal |
Severity: | normal | Version: | |
Component: | General | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
Email addresses never contain valid whitespace, so passing them to get_avatar
incorrectly results in the mystery man avatar. If an email address contains whitespace we should remove it before making a request to Gravatar.
In particular, this is likely cause problems in places where an email address is likely to be pasted in, like person-specific custom post types (e.g. Employees) with email fields.
Attachments (2)
Change History (11)
#3
in reply to:
↑ 2
@
13 years ago
Replying to johnbillion:
If the email address needs to be valid (in your case they do as you're using them to display Gravatars) then you should be validating the email addresses when they're entered.
I don't think there's a common use case for preferring invalid emails, which makes me think it should be done universally. If that's the case, requiring a plugin or theme author to strip always-wrong characters from every email input seems inefficient. That is what I interpret validating them on input to mean.
What if an email address contains other disallowed characters? Why are you only stripping whitespace?
Whitespace is an obvious and simple case to protect against. It was also the cause of a problem I just encountered. I started with the low-hanging fruit, making this more robust would be great.
#4
follow-up:
↓ 5
@
13 years ago
Perhaps just md5( strtolower( trim( $email ) ) )
would be enough here?
#5
in reply to:
↑ 4
@
13 years ago
Replying to SergeyBiryukov:
Perhaps just
md5( strtolower( trim( $email ) ) )
would be enough here?
I considered that, and it probably solves the vast majority of the problems. While I was in there, I figured it was worth being more aggressive, but I'm not opposed to either one.
#6
follow-up:
↓ 7
@
13 years ago
- Milestone changed from Awaiting Review to 3.4
Gravatar specifically suggests to trim, strtolower, then md5 the email address. I suggest we do exactly the same (and I'm surprised we don't).
Seems to me like this is the wrong place to be testing for whitespace in an email address. If the email address needs to be valid (in your case they do as you're using them to display Gravatars) then you should be validating the email addresses when they're entered. What if an email address contains other disallowed characters? Why are you only stripping whitespace?