Timestamp:
04/21/2021 07:10:20 PM (3 years ago)
Author:
dcavins
Message:

BP_Optout: Ensure email_address is always lowercase.

When adding, updating, or fetching opt-outs,
be sure that the email address string has
been converted to lowercase, else the comparisons
of the hashed values will fail.

See #8448.

File:
1 edited

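--- a/trunk/src/bp-core/classes/class-bp-optout.php
+++ b/trunk/src/bp-core/classes/class-bp-optout.php
@@ -213,6 +213,7 @@
     protected static function _insert( $data = array(), $data_format = array() ) {
         global $wpdb;
-        // We must hash the email address at insert.
-        $data['email_address_hash'] = wp_hash( $data['email_address_hash'] );
+        // We must lowercase and hash the email address at insert.
+        $email                      = strtolower( $data['email_address_hash'] );
+        $data['email_address_hash'] = wp_hash( $email );
         return $wpdb->insert( BP_Optout::get_table_name(), $data, $data_format );
     }
@@ -238,7 +239,8 @@
         global $wpdb;
 
-        // Ensure that a passed email address is hashed.
+        // Ensure that a passed email address is lowercased and hashed.
         if ( ! empty( $data['email_address_hash'] ) && is_email( $data['email_address_hash'] ) ) {
-            $data['email_address_hash'] = wp_hash( $data['email_address_hash'] );
+            $email                      = strtolower( $data['email_address_hash'] );
+            $data['email_address_hash'] = wp_hash( $email );
         }
 
@@ -297,4 +299,5 @@
             $email_clean = array();
             foreach ( $emails as $email ) {
+                $email         = strtolower( $email );
                 $email_hash    = wp_hash( $email );
                 $email_clean[] = $wpdb->prepare( '%s', $email_hash );
@@ -331,4 +334,5 @@
         if ( ! empty( $args['search_terms'] ) ) {
             // Matching email_address is an exact match because of the hashing.
+            $args['search_terms']             = strtolower( $args['search_terms'] );
             $search_terms_like                = wp_hash( $args['search_terms'] );
             $where_conditions['search_terms'] = $wpdb->prepare( '( email_address_hash LIKE %s )', $search_terms_like );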
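Review bot: The lowercase-then-hash step is now spelled out separately at four sites (`_insert`, the update path, the `$emails` loop and the `search_terms` branch), and on an opt-out list a site that drifts from the others yields a hash mismatch that fails open: the address is treated as not opted out. Defining the canonical form once would remove that risk, e.g. a private static helper (name is only a suggestion) `hash_email( $email )` that returns `wp_hash( strtolower( $email ) )` and is called from all four places. Also worth confirming, since the hunks do not show it: rows hashed from mixed-case addresses before this change will presumably stop matching, and `strtolower()` was locale-dependent before PHP 8.2 and folds only ASCII bytes since, so hosts may not agree on the canonical form. The enclosing functions start and end outside the hunks.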