2718.us blog » domain

Input Validation: Check your RFCs

2718.us — Thu, 01 May 2008 16:31:33 +0000

Most drop-in “is this a valid-form email?” functions do label certain valid email addresses as invalid. In particular, while highly unlikely, it is valid to have an email address at a TLD. Why did this come to mind? Very circuitously. I was watching YouTube videos when I noticed that it was loading stuff from “i.ytimg.com,” which is NOT a valid FQDN. Each part of a FQDN must be at least two characters, with the special exception of the root nameservers. While nearly everyone and everything handles single-character hostnames nowadays, there have been and probably still are some servers that choke on single-character hostnames (I know that I’ve had issues with email addresses with single-character hostnames).

By the way, the combination of these two things means that the shortest email address that will validate in (nearly) all format-validation routines is a single character at a two-character SLD under a two-character coutry-code TLD, such as “[email protected]”.

WordPress Authentication Gotcha: bbPress Integration

2718.us — Mon, 21 Apr 2008 04:42:51 +0000

I not only wanted to integrate my own other things into my WordPress-based site, but I wanted forums, too, so of course I thought of bbPress. It seems to integrate well with WordPress, but then suddenly strange things started happening with login and logout. For instance, when I logged in with bbPress, I couldn’t get WordPress to log me out and my integrated site didn’t work.

Ah-ha! A cookie problem–while I’d set the cookie domain for WordPress to allow subdomains to work, bbPress didn’t know about WordPress’s cookie settings, so bbPress didn’t set the right cookie domain. Worse, this meant that the cookie didn’t quite match up to what WordPress expected, so logging out in WordPress tried to blank a cookie that wasn’t set, not the login cookie set by bbPress. The fix is to add something like

$bb->cookiedomain = '.yoursite.com';

to bb-config.php (that is, match what you’ve set in WordPress). Not the most obvious way to set an option, but it works.