sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Multisite: Validate email before checking against banned domains. 

Previously, an invalid email could result in an undefined index when attempting to determine the email domain.

Props ocean90.
See #39915.


git-svn-id: https://develop.svn.wordpress.org/trunk@40594 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jeremy Felt 2017-05-09 16:32:53 +00:00
parent 4678a2c00e
commit 3e9c46812c
2 changed files with 40 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/wp-includes/ms-functions.php
View File

@ -442,8 +442,11 @@ function wpmu_validate_user_signup($user_name, $user_email) {
$errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
}
if ( is_email_address_unsafe( $user_email ) )
$errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));
if ( ! is_email( $user_email ) ) {
$errors->add( 'user_email', __( 'Please enter a valid email address.' ) );
} elseif ( is_email_address_unsafe( $user_email ) ) {
$errors->add( 'user_email', __( 'You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.' ) );
}
if ( strlen( $user_name ) < 4 )
$errors->add('user_name', __( 'Username must be at least 4 characters.' ) );
@ -456,9 +459,6 @@ function wpmu_validate_user_signup($user_name, $user_email) {
if ( preg_match( '/^[0-9]*$/', $user_name ) )
$errors->add('user_name', __('Sorry, usernames must have letters too!'));
if ( !is_email( $user_email ) )
$errors->add('user_email', __( 'Please enter a valid email address.' ) );
$limited_email_domains = get_site_option( 'limited_email_domains' );
if ( is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) {
$emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );

35
tests/phpunit/tests/multisite/wpmuValidateUserSignup.php
View File

@ -122,6 +122,41 @@ class Tests_Multisite_WpmuValidateUserSignup extends WP_UnitTestCase {
$this->assertNotContains( 'user_email', $v['errors']->get_error_codes() );
}
public function test_invalid_email_address_with_no_banned_domains_results_in_error() {
$valid = wpmu_validate_user_signup( 'validusername', 'invalid-email' );
$this->assertContains( 'user_email', $valid['errors']->get_error_codes() );
}
public function test_invalid_email_address_with_banned_domains_results_in_error() {
update_site_option( 'banned_email_domains', "bar.com" );
$valid = wpmu_validate_user_signup( 'validusername', 'invalid-email' );
delete_site_option( 'banned_email_domains' );
$this->assertContains( 'user_email', $valid['errors']->get_error_codes() );
}
public function test_incomplete_email_address_with_no_banned_domains_results_in_error() {
$valid = wpmu_validate_user_signup( 'validusername', 'incomplete@email' );
$this->assertContains( 'user_email', $valid['errors']->get_error_codes() );
}
public function test_valid_email_address_matching_banned_domain_results_in_error() {
update_site_option( 'banned_email_domains', "bar.com" );
$valid = wpmu_validate_user_signup( 'validusername', 'email@bar.com' );
delete_site_option( 'banned_email_domains' );
$this->assertContains( 'user_email', $valid['errors']->get_error_codes() );
}
public function test_valid_email_address_not_matching_banned_domain_returns_in_success() {
update_site_option( 'banned_email_domains', "bar.com" );
$valid = wpmu_validate_user_signup( 'validusername', 'email@example.com' );
delete_site_option( 'banned_email_domains' );
$this->assertNotContains( 'user_email', $valid['errors']->get_error_codes() );
}
}
endif;