From 5b3d397133e752af3230f6e0b1cecd5ce10ec807 Mon Sep 17 00:00:00 2001
From: Jeremy Felt
Date: Tue, 9 May 2017 16:55:40 +0000
Subject: [PATCH] Multisite: Check only valid looking emails against banned domain list.

If an email address is missing an `@`, we can't assume enough to check it against a list of domain names. Additional validation of email should happen in `is_email()` before being passed to `is_email_address_unsafe()`.
Fixes #39915.
Built from https://develop.svn.wordpress.org/trunk@40595
git-svn-id: http://core.svn.wordpress.org/trunk@40465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/ms-functions.php | 2 +-
 wp-includes/version.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/wp-includes/ms-functions.php b/wp-includes/ms-functions.php
index c81210042b..16cb294359 100644
--- a/wp-includes/ms-functions.php
+++ b/wp-includes/ms-functions.php
@@ -354,7 +354,7 @@ function is_email_address_unsafe( $user_email ) {
 $is_email_address_unsafe = false;
- if ( $banned_names && is_array( $banned_names ) ) {
+ if ( $banned_names && is_array( $banned_names ) && false !== strpos( $user_email, '@', 1 ) ) {
 $banned_names = array_map( 'strtolower', $banned_names );
 $normalized_email = strtolower( $user_email );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index e3f4be238a..5b7d981306 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.8-alpha-40594';
+$wp_version = '4.8-alpha-40595';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
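Review bot: The added `strpos( $user_email, '@', 1 )` guard in `is_email_address_unsafe()` is evaluated with offset 1 even when `$user_email` is an empty string, which makes PHP raise "Offset not contained in string" (a warning on PHP 7, a `ValueError` on PHP 8); putting `'' !== $user_email &&` in front of the `strpos()` call avoids that. The guard also makes this deny-list check fail open: an address with no `@` after its first character now returns false ("not unsafe"), so the function is only a reliable gate if every caller also rejects the address with `is_email()`. The commit message states that expectation but the code does not, so I would record it in the function's docblock, e.g. `Addresses without an '@' are not checked against the banned list; callers must validate with is_email().` The function body starts and ends outside the hunk, so whether existing callers already validate first cannot be confirmed from here.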