Skip to:
Content

BuddyPress.org

Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#4485 closed defect (bug) (fixed)

Changing email address in Settings improperly checks limited_email_domains

Reported by: boonebgorges's profile boonebgorges Owned by: boonebgorges's profile boonebgorges
Milestone: 1.6.2 Priority: normal
Severity: normal Version: 1.6
Component: Members Keywords:
Cc:

Description

The limited_email_domains check in bp_settings_action_general() checks these domains as if they were a blacklist, when they're actually a whitelist. This prevents users from changing their email to a valid address when Limited Email Domains are set in the admin.

A minimal fix is to switch the check so that it properly uses is_email_address_unsafe() to check banned domains, and does a proper whitelist check for limited_email_domains. However, making this minimal fix means reproducing logic that exists in multiple places in the codebase. I've submitted an upstream patch to have better reusable functions for this purpose https://core.trac.wordpress.org/ticket/21730, but while it smoulders on WP Trac, I propose that we have similar centralized email validation functions in BP, for the next bugfix release.

Change History (3)

#1 @boonebgorges
12 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6269]) Fixes email validation in Settings component

When changing your email in the Settings component, this changeset ensures that
the new address is validated in all the crucial ways, specifically the
banned_email_domains and limited_email_domains checks on WordPress Multisite.

Fixes #4485

#2 @boonebgorges
12 years ago

(In [6270]) Fixes email validation in Settings component

When changing your email in the Settings component, this changeset ensures that
the new address is validated in all the crucial ways, specifically the
banned_email_domains and limited_email_domains checks on WordPress Multisite.

Fixes #4485

#3 @boonebgorges
12 years ago

In r6269 I introduced bp_core_validate_email_address() and refactored the Settings email change routine to use it. However, for the bugfix release, I did not want to touch the registration process, which as far as I know is already working properly. I've opened a new ticket for that enhancement: #4486.

Note: See TracTickets for help on using tickets.