WordPress.org

Make WordPress Core

Opened 10 months ago

Last modified 9 months ago

#52976 new defect (bug)

user emails comparison should be case insensitive — at Version 3

Reported by: asaifm Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.3
Component: Users Keywords: good-first-bug has-patch
Focuses: Cc:

Description (last modified by sabernhardt)

In user.php for WordPress 5.7, email update comparisons are case sensitive. Is there a specific reason for this? Because emails are case insensitive. Here is the line that does that:

if ( isset( $userdata['user_email'] ) && $user['user_email'] !== $userdata['user_email'] )


Can the function:

strcasecmp

be used instead? The problem is that there is a plugin that uses the function:

wp_update_user

And it would send a notification for email change even if it was the casing of the characters only.

Thanks for your time and consideration

Change History (3)

#1 follow-up: @dd32
10 months ago

  • Component changed from General to Users

Hi @asaifm and welcome to Trac!

Updating this to use lower-case comparisons (Just throw it through strtolower() IMHO) seems reasonable, however.. a plugin altering the user email address to lower case does seem unexpected and potentially a bigger bug than this is.

Just as a note, user@example.com and USER@example.com could technically be different users, as the email standard delegates that to the mail servers, however in reality no mail servers that I'm aware of have case sensitive handling..

#2 in reply to: ↑ 1 @asaifm
10 months ago

Hello @dd32,

Thanks for your response. The plugin that uses wp_update_user does not alter the casing. It simply passes the email address to it and does not perform any checks on the similarity of the old and new addresses.

Ok, I have seen your note in https://tools.ietf.org/html/rfc5321 now. I am not sure how to take this further, so feel free to close the ticket if you prefer to stick to the RFC.

Last edited 10 months ago by asaifm (previous) (diff)

#3 @sabernhardt
10 months ago

  • Description modified (diff)
  • Version changed from 5.7 to 4.3

Related: #32158

strcasecmp was used for the wp_insert_user function (but not wp_update_user)

Note: See TracTickets for help on using tickets.