Feature #35450
closed
Better validation error message when the domain of email is not allowed
Added by Yuichi HARADA over 3 years ago.
Updated about 1 year ago.
Category:
Accounts / authentication
Description
When registering an email address with a disallowed email domain with "My account > Email", the error message "Email is invalid" is displayed.
I don't understand what the error message wants to convey, so fixed the error message.
Files
- File 37151-v2.patch added
- Subject changed from Fixed an error message when registering an email address for a disallowed email domain to Better validation error message when the domain of email is not allowed
- Category changed from Code cleanup/refactoring to Accounts / authentication
- Target version set to 5.1.0
+1
One of my customers was also confused by this error message.
Setting the target version to 5.1.0.
- File deleted (
37151-v2.patch)
- Related to Feature #3369: Allowed/Disallowed email domains settings to restrict users' email addresses added
I wrote as follows in #3369#note-13 two years ago.
Changed the error message when the domain is not allowed from "Email contains a domain not allowed (example.com)" to simpler "Email is invalid" because the former detailed error message may give attackers useful hints to avoid restrictions especially on /account/register page
Taking the above into account, I have updated the patch so that the detailed error message is not displayed for anonymous users.
Go MAEDA wrote:
Taking the above into account, I have updated the patch so that the detailed error message is not displayed for anonymous users.
+1
I think the patch is good as I don't have to provide any details to anonymous users.
- Status changed from New to Closed
- Assignee set to Go MAEDA
Committed the patch. Thank you.
- Tracker changed from Patch to Feature
- Resolution set to Fixed
Also available in: Atom
PDF
Updated by 
Updated by