#4485 closed defect (bug) (fixed)
Changing email address in Settings improperly checks limited_email_domains
Reported by: | boonebgorges | Owned by: | boonebgorges |
---|---|---|---|
Milestone: | 1.6.2 | Priority: | normal |
Severity: | normal | Version: | 1.6 |
Component: | Members | Keywords: | |
Cc: |
Description
The limited_email_domains check in bp_settings_action_general()
checks these domains as if they were a blacklist, when they're actually a whitelist. This prevents users from changing their email to a valid address when Limited Email Domains are set in the admin.
A minimal fix is to switch the check so that it properly uses is_email_address_unsafe()
to check banned domains, and does a proper whitelist check for limited_email_domains. However, making this minimal fix means reproducing logic that exists in multiple places in the codebase. I've submitted an upstream patch to have better reusable functions for this purpose https://core.trac.wordpress.org/ticket/21730, but while it smoulders on WP Trac, I propose that we have similar centralized email validation functions in BP, for the next bugfix release.
Change History (3)
#3
@
12 years ago
In r6269 I introduced bp_core_validate_email_address()
and refactored the Settings email change routine to use it. However, for the bugfix release, I did not want to touch the registration process, which as far as I know is already working properly. I've opened a new ticket for that enhancement: #4486.
(In [6269]) Fixes email validation in Settings component
When changing your email in the Settings component, this changeset ensures that
the new address is validated in all the crucial ways, specifically the
banned_email_domains and limited_email_domains checks on WordPress Multisite.
Fixes #4485