Changeset 10941 for sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-restapi.php

Timestamp:

04/30/2021 08:44:23 AM (4 years ago)

Author:

dd32

Message:

Login: Only allow one signup at a time by "inbox", that is, ignoring plus addressing.

This is mostly to combat spammers using myemail+sldkjasldf@… to create multiple accounts.
This does not prevent plus addressing being used.
This does not prevent multiple accounts using plus addressing from existing, only that only a single account via plus addressing can be created per 2 weeks.

File:

• sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-restapi.php (modified) (1 diff)

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-login/functions-restapi.php

@@ -85 +85 @@
 
     // Check we don't have a pending registration for that email.
-    if ( $pending = wporg_get_pending_user( $email ) ) {
+    $pending = wporg_get_pending_user( $email );
+
+    // And that there's no pending account signups for other emails for that inbox.
+    if ( ! $pending && false !== strpos( $email, '+' ) ) {
+        $pending = wporg_get_pending_user_by_email_wildcard( $email );
+    }
+
+    if ( $pending ) {
         return [
             'available' => false,