From 3600dc562e0430e6d867fb39639b199096989b02 Mon Sep 17 00:00:00 2001
From: Jeremy Felt
Date: Tue, 9 May 2017 16:33:46 +0000
Subject: [PATCH] Multisite: Validate email before checking against banned domains.

Previously, an invalid email could result in an undefined index when attempting to determine the email domain.

Props ocean90.
See #39915.

Built from https://develop.svn.wordpress.org/trunk@40594

git-svn-id: http://core.svn.wordpress.org/trunk@40464 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/ms-functions.php | 10 +++++-----
 wp-includes/version.php | 2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php
index 76b3ff5dc8..c81210042b 100644
--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
@@ -442,8 +442,11 @@ function wpmu_validate_user_signup($user_name, $user_email) {
 $errors->add( 'user_name', __( 'Sorry, that username is not allowed.' ) );
 }
 
- if ( is_email_address_unsafe( $user_email ) )
- $errors->add('user_email', __('You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.'));
+ if ( ! is_email( $user_email ) ) {
+ $errors->add( 'user_email', __( 'Please enter a valid email address.' ) );
+ } elseif ( is_email_address_unsafe( $user_email ) ) {
+ $errors->add( 'user_email', __( 'You cannot use that email address to signup. We are having problems with them blocking some of our email. Please use another email provider.' ) );
+ }
 
 if ( strlen( $user_name ) < 4 )
 $errors->add('user_name', __( 'Username must be at least 4 characters.' ) );
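Review bot: The new `is_email()` guard protects only this call site; `is_email_address_unsafe()` itself is not touched by the commit, so any other caller that passes an unvalidated address would presumably still reach the undefined index the commit message describes. Because that helper makes an allow/deny decision on sign-up input, it is worth having it handle a malformed address on its own rather than depending on call order. If that is out of scope here, a comment above the branch would at least record the dependency, e.g. `// is_email_address_unsafe() expects a syntactically valid address, so validate first.` The body of wpmu_validate_user_signup() starts and ends outside the hunk.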
@@ -456,9 +459,6 @@ function wpmu_validate_user_signup($user_name, $user_email) {
 if ( preg_match( '/^[0-9]*$/', $user_name ) )
 $errors->add('user_name', __('Sorry, usernames must have letters too!'));
 
- if ( !is_email( $user_email ) )
- $errors->add('user_email', __( 'Please enter a valid email address.' ) );
-
 $limited_email_domains = get_site_option( 'limited_email_domains' );
 if ( is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) {
 $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 499c79f53a..e3f4be238a 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.8-alpha-40593';
+$wp_version = '4.8-alpha-40594';
 
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
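Review bot: The `limited_email_domains` block in the trailing context still parses an address that may already have failed `is_email()`: with no `@` present, `strpos()` returns false, so `substr( $user_email, 1 + strpos( $user_email, '@' ) )` yields the input minus its first character and that fragment is what gets compared against the allow-list. Acceptance is not affected, because the `user_email` error has already been recorded, but the allow-list decision is being made on unvalidated input and may add a second, misleading error for the same field. Guarding the block keeps domain parsing to validated addresses, e.g. `if ( is_email( $user_email ) && is_array( $limited_email_domains ) && ! empty( $limited_email_domains ) ) {`. The rest of that block and of wpmu_validate_user_signup() lies outside the hunk, so how `$emaildomain` is used afterwards is not visible here.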