XML-RPC: Fix length validation of anonymous commenter's email address.

Fix the first step of validating an anonymous commenters in which the length is checked prior to running regular expressions.

Follow up to [47808].
Fixes #51595.



git-svn-id: https://develop.svn.wordpress.org/trunk@49271 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Peter Wilson
2020-10-22 02:40:06 +00:00
parent 4143182d6b
commit 9aececb374
2 changed files with 78 additions and 1 deletions

View File

@@ -3913,7 +3913,7 @@ class wp_xmlrpc_server extends IXR_Server {
$comment['user_ID'] = 0;
if ( get_option( 'require_name_email' ) ) {
if ( strlen( $comment['comment_author_email'] < 6 ) || '' === $comment['comment_author'] ) {
if ( strlen( $comment['comment_author_email'] ) < 6 || '' === $comment['comment_author'] ) {
return new IXR_Error( 403, __( 'Comment author name and email are required.' ) );
} elseif ( ! is_email( $comment['comment_author_email'] ) ) {
return new IXR_Error( 403, __( 'A valid email address is required.' ) );