[buddypress-trac] [BuddyPress] #4485: Changing email address in Settings improperly checks limited_email_domains
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Wed Aug 29 16:41:32 UTC 2012
#4485: Changing email address in Settings improperly checks limited_email_domains
--------------------------+--------------------------
Reporter: boonebgorges | Owner: boonebgorges
Type: defect (bug) | Status: new
Priority: normal | Milestone: 1.6.2
Component: Members | Version: 1.6
Severity: normal | Keywords:
--------------------------+--------------------------
The limited_email_domains check in `bp_settings_action_general()` checks
these domains as if they were a blacklist, when they're actually a
whitelist. This prevents users from changing their email to a valid
address when Limited Email Domains are set in the admin.
A minimal fix is to switch the check so that it properly uses
`is_email_address_unsafe()` to check banned domains, and does a proper
whitelist check for limited_email_domains. However, making this minimal
fix means reproducing logic that exists in multiple places in the
codebase. I've submitted an upstream patch to have better reusable
functions for this purpose https://core.trac.wordpress.org/ticket/21730,
but while it smoulders on WP Trac, I propose that we have similar
centralized email validation functions in BP, for the next bugfix release.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4485>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list