Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Multisite: Check only valid looking emails against banned domain list. 

If an email address is missing an `@`, we can't assume enough to check it against a list of domain names.

Additional validation of email should happen in `is_email()` before being passed to `is_email_address_unsafe()`.

Fixes #39915.

Built from https://develop.svn.wordpress.org/trunk@40595


git-svn-id: http://core.svn.wordpress.org/trunk@40465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Jeremy Felt 2017-05-09 16:55:40 +00:00
parent 3600dc562e
commit 5b3d397133
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-includes/ms-functions.php
View File

@ -354,7 +354,7 @@ function is_email_address_unsafe( $user_email ) {
$is_email_address_unsafe = false;
if ( $banned_names && is_array( $banned_names ) ) {
if ( $banned_names && is_array( $banned_names ) && false !== strpos( $user_email, '@', 1 ) ) {
$banned_names = array_map( 'strtolower', $banned_names );
$normalized_email = strtolower( $user_email );

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.8-alpha-40594';
$wp_version = '4.8-alpha-40595';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.