<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[BuddyPress][6270] branches/1.6: Fixes email validation in Settings component</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg > ul, #logmsg > ol { margin-left: 0; margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://buddypress.trac.wordpress.org/changeset/6270">6270</a></dd>
<dt>Author</dt> <dd>boonebgorges</dd>
<dt>Date</dt> <dd>2012-08-29 18:47:57 +0000 (Wed, 29 Aug 2012)</dd>
</dl>
<h3>Log Message</h3>
<pre>Fixes email validation in Settings component
When changing your email in the Settings component, this changeset ensures that
the new address is validated in all the crucial ways, specifically the
banned_email_domains and limited_email_domains checks on WordPress Multisite.
Fixes <a href="http://buddypress.trac.wordpress.org/ticket/4485">#4485</a></pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branches16bpmembersbpmembersfunctionsphp">branches/1.6/bp-members/bp-members-functions.php</a></li>
<li><a href="#branches16bpsettingsbpsettingsactionsphp">branches/1.6/bp-settings/bp-settings-actions.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branches16bpmembersbpmembersfunctionsphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-members/bp-members-functions.php (6269 => 6270)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-members/bp-members-functions.php 2012-08-29 18:47:11 UTC (rev 6269)
+++ branches/1.6/bp-members/bp-members-functions.php 2012-08-29 18:47:57 UTC (rev 6270)
</span><span class="lines">@@ -970,8 +970,58 @@
</span><span class="cx"> add_filter( 'pre_update_site_option_illegal_names', 'bp_core_get_illegal_names', 10, 2 );
</span><span class="cx">
</span><span class="cx"> /**
</span><ins>+ * Check that an email address is valid for use
+ *
+ * Performs the following checks:
+ * - Is the email address well-formed?
+ * - Is the email address already used?
+ * - If there's an email domain blacklist, is the current domain on it?
+ * - If there's an email domain whitelest, is the current domain on it?
+ *
+ * @since 1.6.2
+ *
+ * @param string $user_email The email being checked
+ * @return bool|array True if the address passes all checks; otherwise an array
+ * of error codes
+ */
+function bp_core_validate_email_address( $user_email ) {
+ $errors = array();
+
+ $user_email = sanitize_email( $user_email );
+
+ // Is the email well-formed?
+ if ( ! is_email( $user_email ) )
+ $errors['invalid'] = 1;
+
+ // Is the email on the Banned Email Domains list?
+ // Note: This check only works on Multisite
+ if ( function_exists( 'is_email_address_unsafe' ) && is_email_address_unsafe( $user_email ) )
+ $errors['domain_banned'] = 1;
+
+ // Is the email on the Limited Email Domains list?
+ // Note: This check only works on Multisite
+ $limited_email_domains = get_site_option( 'limited_email_domains' );
+ if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
+ $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
+ if ( ! in_array( $emaildomain, $limited_email_domains ) ) {
+ $errors['domain_not_allowed'] = 1;
+ }
+ }
+
+ // Is the email alreday in use?
+ if ( email_exists( $user_email ) )
+ $errors['in_use'] = 1;
+
+ $retval = ! empty( $errors ) ? $errors : true;
+
+ return $retval;
+}
+
+/**
</ins><span class="cx"> * Validate a user name and email address when creating a new user.
</span><span class="cx"> *
</span><ins>+ * @todo Refactor to use bp_core_validate_email_address()
+ *
</ins><span class="cx"> * @param string $user_name Username to validate
</span><span class="cx"> * @param string $user_email Email address to validate
</span><span class="cx"> * @return array Results of user validation including errors, if any
</span></span></pre></div>
<a id="branches16bpsettingsbpsettingsactionsphp"></a>
<div class="modfile"><h4>Modified: branches/1.6/bp-settings/bp-settings-actions.php (6269 => 6270)</h4>
<pre class="diff"><span>
<span class="info">--- branches/1.6/bp-settings/bp-settings-actions.php 2012-08-29 18:47:11 UTC (rev 6269)
+++ branches/1.6/bp-settings/bp-settings-actions.php 2012-08-29 18:47:57 UTC (rev 6270)
</span><span class="lines">@@ -71,25 +71,21 @@
</span><span class="cx"> // User is changing email address
</span><span class="cx"> if ( $bp->displayed_user->userdata->user_email != $user_email ) {
</span><span class="cx">
</span><del>- // Is email valid
- if ( !is_email( $user_email ) )
- $email_error = 'invalid';
</del><ins>+ // Run some tests on the email address
+ $email_checks = bp_core_validate_email_address( $user_email );
</ins><span class="cx">
</span><del>- // Get blocked email domains
- $limited_email_domains = get_site_option( 'limited_email_domains', 'buddypress' );
</del><ins>+ if ( true !== $email_checks ) {
+ if ( isset( $email_checks['invalid'] ) ) {
+ $email_error = 'invalid';
+ }
</ins><span class="cx">
</span><del>- // If blocked email domains exist, see if this is one of them
- if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
- $emaildomain = substr( $user_email, 1 + strpos( $user_email, '@' ) );
-
- if ( in_array( $emaildomain, (array) $limited_email_domains ) == false ) {
</del><ins>+ if ( isset( $email_checks['domain_banned'] ) || isset( $email_checks['domain_not_allowed'] ) ) {
</ins><span class="cx"> $email_error = 'blocked';
</span><span class="cx"> }
</span><del>- }
</del><span class="cx">
</span><del>- // No errors, and email address doesn't match
- if ( ( false === $email_error ) && email_exists( $user_email ) ) {
- $email_error = 'taken';
</del><ins>+ if ( isset( $email_checks['in_use'] ) ) {
+ $email_error = 'taken';
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Yay we made it!
</span></span></pre>
</div>
</div>
</body>
</html>