Make WordPress Core

Opened 2 years ago

Last modified 8 months ago

#52976 new defect (bug)

user emails comparison should be case insensitive — at Version 3

Reported by: asaifm's profile asaifm Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.3
Component: Users Keywords: good-first-bug has-patch needs-testing
Focuses: Cc:

Description (last modified by sabernhardt)

In user.php for WordPress 5.7, email update comparisons are case sensitive. Is there a specific reason for this? Because emails are case insensitive. Here is the line that does that:

if ( isset( $userdata['user_email'] ) && $user['user_email'] !== $userdata['user_email'] )

Can the function:


be used instead? The problem is that there is a plugin that uses the function:


And it would send a notification for email change even if it was the casing of the characters only.

Thanks for your time and consideration

Change History (3)

#1 follow-up: @dd32
2 years ago

  • Component changed from General to Users

Hi @asaifm and welcome to Trac!

Updating this to use lower-case comparisons (Just throw it through strtolower() IMHO) seems reasonable, however.. a plugin altering the user email address to lower case does seem unexpected and potentially a bigger bug than this is.

Just as a note, and could technically be different users, as the email standard delegates that to the mail servers, however in reality no mail servers that I'm aware of have case sensitive handling..

#2 in reply to: ↑ 1 @asaifm
2 years ago

Hello @dd32,

Thanks for your response. The plugin that uses wp_update_user does not alter the casing. It simply passes the email address to it and does not perform any checks on the similarity of the old and new addresses.

Ok, I have seen your note in now. I am not sure how to take this further, so feel free to close the ticket if you prefer to stick to the RFC.

Last edited 2 years ago by asaifm (previous) (diff)

#3 @sabernhardt
2 years ago

  • Description modified (diff)
  • Version changed from 5.7 to 4.3

Related: #32158

strcasecmp was used for the wp_insert_user function (but not wp_update_user)

Note: See TracTickets for help on using tickets.