[buddypress-trac] [BuddyPress] #4485: Changing email address in Settings improperly checks limited_email_domains

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Wed Aug 29 16:41:32 UTC 2012


#4485: Changing email address in Settings improperly checks limited_email_domains
--------------------------+--------------------------
 Reporter:  boonebgorges  |      Owner:  boonebgorges
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  1.6.2
Component:  Members       |    Version:  1.6
 Severity:  normal        |   Keywords:
--------------------------+--------------------------
 The limited_email_domains check in `bp_settings_action_general()` checks
 these domains as if they were a blacklist, when they're actually a
 whitelist. This prevents users from changing their email to a valid
 address when Limited Email Domains are set in the admin.

 A minimal fix is to switch the check so that it properly uses
 `is_email_address_unsafe()` to check banned domains, and does a proper
 whitelist check for limited_email_domains. However, making this minimal
 fix means reproducing logic that exists in multiple places in the
 codebase. I've submitted an upstream patch to have better reusable
 functions for this purpose https://core.trac.wordpress.org/ticket/21730,
 but while it smoulders on WP Trac, I propose that we have similar
 centralized email validation functions in BP, for the next bugfix release.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4485>
BuddyPress <http://buddypress.org/>
BuddyPress


More information about the buddypress-trac mailing list