Make WordPress Core

Opened 4 weeks ago

Last modified 8 days ago

#62032 reviewing enhancement

Fixing the non yoda conditions in ms-functions.php

Reported by: debarghyabanerjee's profile debarghyabanerjee Owned by: audrasjb's profile audrasjb
Milestone: 6.8 Priority: normal
Severity: minor Version:
Component: Networks and Sites Keywords: has-patch
Focuses: multisite, coding-standards Cc:

Description

There are two functions inside ms-functions.php, where if check doesn't have Yoda condition check implemented and also strict comparison is not added.

The two functions are:

  1. newuser_notify_siteadmin();
  2. newblog_notify_siteadmin();

The if check is as follows:

<?php
if ( is_email( $email ) == false ) {
    return false;
}

Change History (6)

This ticket was mentioned in PR #7323 on WordPress/wordpress-develop by @debarghyabanerjee.


4 weeks ago
#1

  • Keywords has-patch added

Trac Ticket: Core-63032

## Problem Statement:

  • In the ms-functions.php file, there are two functions — newuser_notify_siteadmin() and newblog_notify_siteadmin() —that perform email validation using if statements without employing Yoda conditions or strict comparisons. This can potentially lead to issues with robustness and consistency in the validation logic.

## Fix:

  • To enhance the code quality and align with WordPress coding standards, the following updates have been made:
if ( ! is_email( $email ) )

#2 @audrasjb
4 weeks ago

  • Milestone changed from Awaiting Review to 6.7
  • Owner set to audrasjb
  • Status changed from new to reviewing

Thanks for opening this ticket and reporting the issue.
Moving to 6.7.

#3 @SergeyBiryukov
4 weeks ago

Hi there, welcome back to WordPress Trac!

Looks good, and brings some consistency with other is_email() checks in core.

#4 @jrf
4 weeks ago

Note: neither of these conditions would need yoda conditions as there is no comparison with a variable.

And while I would much prefer to change this to a strict === false, I agree that considering the return type of is_email() is string|false AND that the return value of the function is filterable, changing this to the loosy ! ... is the more WordPressy thing to do.

Having said that, it would be better to improve the condition to safeguard the code after it more properly and change it to something like:

<?php
$is_email = is_email( $email );
if ( ! is_string( $is_email ) || empty ( $is_email)  ) {

#5 @debarghyabanerjee
4 weeks ago

Hi @jrf, I was going through the core's codebase and found that in most of the places,

<?php
if ( ! is_email( $email ) ) {

is used, so in my opinion we should keep this to keep the check consistent across the codebase, however I can change the checks as per your suggestion, please let me know, what are your thoughts on this. Thanks.

#6 @davidbaumwald
8 days ago

  • Milestone changed from 6.7 to 6.8

With 6.7 Beta 1 releasing in a few hours, this is being moved to 6.8 given recent momentum towards a resolution.

@audrasjb If you or any committer feels the remaining work can be resolved in time for Beta 1 and wishes to assume ownership, feel free to pull this back into the milestone.

Note: See TracTickets for help on using tickets.