Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#44616 closed defect (bug) (duplicate)

WordPress core registration email field not EAI / IDN (Internationalised Domain Name) compatible

Reported by: belikewata's profile belikewata Owned by:
Milestone: Priority: normal
Severity: major Version: 4.9.7
Component: Login and Registration Keywords:
Focuses: Cc:

Description

Using latest WordPress 4.9.7, I'm unable to create users using IDN email addresses in the email field. WP's email field invalidates any idn characters - not allowing it to submit. Checking against the UA use case examples (https://uasg.tech/wp-content/uploads/2017/05/UASG004-Use-Cases-for-UA-Readiness-Evaluation-2017-04-17.pdf), ascii-only variations (long/short) strings are accepted however any combination that includes idn/unicode will not validate. Punycode email addresses and domain names will not validate as well.

Test case:

  • fails validation: public registration using idn@… (测试5@普遍接受-测试.世界)
  • fails validation: public registration using ascii@… (info5@…)
  • fails validation: public registration using ascii@… (info3@普遍接受-测试.top )

Interestingly in the backend if I use the admin account to add users, validation results are different:

  • passes validation, user created: backend registration using ascii@… (info5@普遍接受-测试.世界 ). In this case, WP converts the IDN string and stores the email as punycode automatically (info5@…)

I searched the current tickets on this topic but couldn't find it so if there is already a ticket on IDN/EAI please help me refer to it.

Change History (1)

#1 @birgire
6 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Welcome to WordPress Core Trac @belikewata

The register_new_user() function, from the register part of wp-login.php, calls is_email(), where the validation for the local part:

// LOCAL PART
// Test for invalid characters
if ( ! preg_match( '/^[a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]+$/', $local ) ) {
	/** This filter is documented in wp-includes/formatting.php */
	return apply_filters( 'is_email', false, $email, 'local_invalid_chars' );
}

and the domain part:

// Test for invalid characters
if ( ! preg_match( '/^[a-z0-9-]+$/i', $sub ) ) {
	/** This filter is documented in wp-includes/formatting.php */
	return apply_filters( 'is_email', false, $email, 'sub_invalid_chars' );
}

seems to be too restrictive.

The IDN support for is_email() seems to belong to ticket #24487, so I close this one.

Please join in there with your research, thanks.

Note: See TracTickets for help on using tickets.