Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(form): disallow email address as first name #2862

Closed
mathetos opened this issue Mar 2, 2018 · 3 comments

Comments

Projects
None yet
4 participants
@mathetos
Copy link
Member

commented Mar 2, 2018

User Story

As a site admin, I want to disallow email addresses from being used in the name field so that spam is reduced.

We still get spammy donors despite several measures we've taken. But an easy thing we could also do is simply add a validation check on the first name to prevent an email address from being used there.

Current Behavior

I currently see email addresses submitted in the name field, which indicate spam.

Expected Behavior

I expect to see Give prevent these spammy submissions.

Possible Solution

Check for the presence of an @ character in the First Name and Last Name fields and prevent submission.

Steps to Reproduce

  1. Create a new form with default settings.
  2. Enter fake email address test@example.com into the First or Last Name fields.
  3. Attempt to submit form.

Visuals

image

Tasks

  • Detect email in name fields using is_email() in server-side PHP validation.
  • Display notice: <First Name|Last Name> cannot contain email address.

@kevinwhoffman kevinwhoffman changed the title feat(form): Disallow email address from being used in first name feat(form): disallow email address as first name Mar 13, 2018

@kevinwhoffman

This comment has been minimized.

Copy link
Member

commented Mar 13, 2018

@Sidsector9 I built out the issue that @mathetos started so you can tackle this in the next sprint. Please ensure you validate both client-side and server-side.

@mathetos

This comment has been minimized.

Copy link
Member Author

commented Mar 14, 2018

@kevinwhoffman We could just use the WordPress core function is_email to validate whether the name field is formatted like an email address, instead of only searching for the @ character. That's how I implemented that in the Stop Donor Spam addon:
https://github.com/mathetos/Stop-Donor-Spam/blob/master/stop-donor-spam.php#L95-L99

@kevinwhoffman

This comment has been minimized.

Copy link
Member

commented Mar 14, 2018

@mathetos Good suggestion.

@Sidsector9 I've updated your Tasks to only require server-side validation with is_email(). Don't worry about client-side as I don't expect many real users to be entering emails into the name field, and even if they do, it would be caught server-side.

DevinWalker added a commit that referenced this issue Mar 14, 2018

Merge pull request #2919 from Sidsector9/issue-2862
feat(form): disallow email address as first name #2862

@kevinwhoffman kevinwhoffman referenced this issue Mar 20, 2018

Closed

fix(donation): prevent $0 donation spam #2930

6 of 6 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.