| Attached Files |
emailvalidation.patch (7,433 bytes)
Index: common.php
===================================================================
--- common.php (revision 8273)
+++ common.php (working copy)
@@ -2174,7 +2174,7 @@
}
}
-function validate_email($email)
+/*function validate_email($email)
{
// Create the syntactical validation regular expression
// Validate the syntax
@@ -2182,8 +2182,201 @@
// see http://data.iana.org/TLD/tlds-alpha-by-domain.txt
$maxrootdomainlength = 6;
return ( ! preg_match("/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(([0-9]{1,3})|([a-zA-Z]{2,".$maxrootdomainlength."}))$/ix", $email)) ? FALSE : TRUE;
+}*/
+
+
+function validate_email($email)
+{
+
+
+ $no_ws_ctl = "[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f]";
+ $alpha = "[\\x41-\\x5a\\x61-\\x7a]";
+ $digit = "[\\x30-\\x39]";
+ $cr = "\\x0d";
+ $lf = "\\x0a";
+ $crlf = "(?:$cr$lf)";
+
+ $obs_char = "[\\x00-\\x09\\x0b\\x0c\\x0e-\\x7f]";
+ $obs_text = "(?:$lf*$cr*(?:$obs_char$lf*$cr*)*)";
+ $text = "(?:[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f]|$obs_text)";
+
+ $text = "(?:$lf*$cr*$obs_char$lf*$cr*)";
+ $obs_qp = "(?:\\x5c[\\x00-\\x7f])";
+ $quoted_pair = "(?:\\x5c$text|$obs_qp)";
+
+ $wsp = "[\\x20\\x09]";
+ $obs_fws = "(?:$wsp+(?:$crlf$wsp+)*)";
+ $fws = "(?:(?:(?:$wsp*$crlf)?$wsp+)|$obs_fws)";
+ $ctext = "(?:$no_ws_ctl|[\\x21-\\x27\\x2A-\\x5b\\x5d-\\x7e])";
+ $ccontent = "(?:$ctext|$quoted_pair)";
+ $comment = "(?:\\x28(?:$fws?$ccontent)*$fws?\\x29)";
+ $cfws = "(?:(?:$fws?$comment)*(?:$fws?$comment|$fws))";
+
+ $outer_ccontent_dull = "(?:$fws?$ctext|$quoted_pair)";
+ $outer_ccontent_nest = "(?:$fws?$comment)";
+ $outer_comment = "(?:\\x28$outer_ccontent_dull*(?:$outer_ccontent_nest$outer_ccontent_dull*)+$fws?\\x29)";
+
+ $atext = "(?:$alpha|$digit|[\\x21\\x23-\\x27\\x2a\\x2b\\x2d\\x2f\\x3d\\x3f\\x5e\\x5f\\x60\\x7b-\\x7e])";
+ $atom = "(?:$cfws?(?:$atext)+$cfws?)";
+
+ $qtext = "(?:$no_ws_ctl|[\\x21\\x23-\\x5b\\x5d-\\x7e])";
+ $qcontent = "(?:$qtext|$quoted_pair)";
+ $quoted_string = "(?:$cfws?\\x22(?:$fws?$qcontent)*$fws?\\x22$cfws?)";
+
+ $quoted_string = "(?:$cfws?\\x22(?:$fws?$qcontent)+$fws?\\x22$cfws?)";
+ $word = "(?:$atom|$quoted_string)";
+
+ $obs_local_part = "(?:$word(?:\\x2e$word)*)";
+ $obs_domain = "(?:$atom(?:\\x2e$atom)*)";
+
+ $dot_atom_text = "(?:$atext+(?:\\x2e$atext+)*)";
+ $dot_atom = "(?:$cfws?$dot_atom_text$cfws?)";
+
+ $dtext = "(?:$no_ws_ctl|[\\x21-\\x5a\\x5e-\\x7e])";
+ $dcontent = "(?:$dtext|$quoted_pair)";
+ $domain_literal = "(?:$cfws?\\x5b(?:$fws?$dcontent)*$fws?\\x5d$cfws?)";
+
+ // local-part = dot-atom / quoted-string / obs-local-part
+ // domain = dot-atom / domain-literal / obs-domain
+ // addr-spec = local-part "@" domain
+
+ $local_part = "(($dot_atom)|($quoted_string)|($obs_local_part))";
+ $domain = "(($dot_atom)|($domain_literal)|($obs_domain))";
+ $addr_spec = "$local_part\\x40$domain";
+
+ if (strlen($email) > 256) return FALSE;
+
+ $email = rfc3696_strip_comments($outer_comment, $email, "(x)");
+
+ if (!preg_match("!^$addr_spec$!", $email, $m))
+ {
+
+ return FALSE;
+ }
+
+ $bits = array(
+ 'local' => isset($m[1]) ? $m[1] : '',
+ 'local-atom' => isset($m[2]) ? $m[2] : '',
+ 'local-quoted' => isset($m[3]) ? $m[3] : '',
+ 'local-obs' => isset($m[4]) ? $m[4] : '',
+ 'domain' => isset($m[5]) ? $m[5] : '',
+ 'domain-atom' => isset($m[6]) ? $m[6] : '',
+ 'domain-literal' => isset($m[7]) ? $m[7] : '',
+ 'domain-obs' => isset($m[8]) ? $m[8] : '',
+ );
+
+
+ $bits['local'] = rfc3696_strip_comments($comment, $bits['local']);
+ $bits['domain'] = rfc3696_strip_comments($comment, $bits['domain']);
+
+ // length limits on segments
+ if (strlen($bits['local']) > 64) return FALSE;
+ if (strlen($bits['domain']) > 255) return FALSE;
+
+
+
+ // restrictuions on domain-literals from RFC2821 section 4.1.3
+
+ if (strlen($bits['domain-literal'])){
+
+ $Snum = "(\d{1,3})";
+ $IPv4_address_literal = "$Snum\.$Snum\.$Snum\.$Snum";
+
+ $IPv6_hex = "(?:[0-9a-fA-F]{1,4})";
+
+ $IPv6_full = "IPv6\:$IPv6_hex(:?\:$IPv6_hex){7}";
+
+ $IPv6_comp_part = "(?:$IPv6_hex(?:\:$IPv6_hex){0,5})?";
+ $IPv6_comp = "IPv6\:($IPv6_comp_part\:\:$IPv6_comp_part)";
+
+ $IPv6v4_full = "IPv6\:$IPv6_hex(?:\:$IPv6_hex){5}\:$IPv4_address_literal";
+
+ $IPv6v4_comp_part = "$IPv6_hex(?:\:$IPv6_hex){0,3}";
+ $IPv6v4_comp = "IPv6\:((?:$IPv6v4_comp_part)?\:\:(?:$IPv6v4_comp_part\:)?)$IPv4_address_literal";
+
+
+ #
+ # IPv4 is simple
+ #
+
+ if (preg_match("!^\[$IPv4_address_literal\]$!", $bits['domain'], $m)){
+
+ if (intval($m[1]) > 255) return FALSE;
+ if (intval($m[2]) > 255) return FALSE;
+ if (intval($m[3]) > 255) return FALSE;
+ if (intval($m[4]) > 255) return FALSE;
+
+ }else{
+
+ #
+ # this should be IPv6 - a bunch of tests are needed here :)
+ #
+
+ while (1){
+
+ if (preg_match("!^\[$IPv6_full\]$!", $bits['domain'])){
+ break;
+ }
+
+ if (preg_match("!^\[$IPv6_comp\]$!", $bits['domain'], $m)){
+ list($a, $b) = explode('::', $m[1]);
+ $folded = (strlen($a) && strlen($b)) ? "$a:$b" : "$a$b";
+ $groups = explode(':', $folded);
+ if (count($groups) > 6) return FALSE;
+ break;
+ }
+
+ if (preg_match("!^\[$IPv6v4_full\]$!", $bits['domain'], $m)){
+
+ if (intval($m[1]) > 255) return FALSE;
+ if (intval($m[2]) > 255) return FALSE;
+ if (intval($m[3]) > 255) return FALSE;
+ if (intval($m[4]) > 255) return FALSE;
+ break;
+ }
+
+ if (preg_match("!^\[$IPv6v4_comp\]$!", $bits['domain'], $m)){
+ list($a, $b) = explode('::', $m[1]);
+ $b = substr($b, 0, -1); # remove the trailing colon before the IPv4 address
+ $folded = (strlen($a) && strlen($b)) ? "$a:$b" : "$a$b";
+ $groups = explode(':', $folded);
+ if (count($groups) > 4) return FALSE;
+ break;
+ }
+
+ return FALSE;
+ }
+ }
+ }else{
+
+ $labels = explode('.', $bits['domain']);
+ if (count($labels) == 1) return FALSE;
+ foreach ($labels as $label){
+
+ if (strlen($label) > 63) return FALSE;
+ if (substr($label, 0, 1) == '-') return FALSE;
+ if (substr($label, -1) == '-') return FALSE;
+ }
+
+ if (preg_match('!^[0-9]+$!', array_pop($labels))) return FALSE;
+ }
+
+
+ return TRUE;
}
+
+function rfc3696_strip_comments($comment, $email, $replace='')
+{
+
+ while (1){
+ $new = preg_replace("!$comment!", $replace, $email);
+ if (strlen($new) == strlen($email)){
+ return $email;
+ }
+ $email = $new;
+ }
+}
function validate_templatedir($templatename)
{
global $publicdir, $defaulttemplate;
Index: classes/core/sanitize.php
===================================================================
--- classes/core/sanitize.php (revision 8273)
+++ classes/core/sanitize.php (working copy)
@@ -163,7 +163,7 @@
$emailarray=explode(';',$email);
for ($i = 0; $i <= count($emailarray)-1; $i++)
{
- $emailarray[$i]=preg_replace('/[^a-zA-Z0-9;+_.@-]/i', '', $emailarray[$i]);
+ $emailarray[$i]=preg_replace('/[^a-zA-Z0-9;+_=|.$%&#!{*~`?}^@-]/i', '', $emailarray[$i]);
}
return implode(';',$emailarray);
}
email-validator.patch (7,409 bytes)
Index: common.php
===================================================================
--- common.php (revision 8325)
+++ common.php (working copy)
@@ -2175,7 +2175,7 @@
}
}
-function validate_email($email)
+/*function validate_email($email)
{
// Create the syntactical validation regular expression
// Validate the syntax
@@ -2183,8 +2183,220 @@
// see http://data.iana.org/TLD/tlds-alpha-by-domain.txt
$maxrootdomainlength = 6;
return ( ! preg_match("/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(([0-9]{1,3})|([a-zA-Z]{2,".$maxrootdomainlength."}))$/ix", $email)) ? FALSE : TRUE;
+}*/
+
+function validate_email($email){
+
+
+ $no_ws_ctl = "[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f]";
+ $alpha = "[\\x41-\\x5a\\x61-\\x7a]";
+ $digit = "[\\x30-\\x39]";
+ $cr = "\\x0d";
+ $lf = "\\x0a";
+ $crlf = "(?:$cr$lf)";
+
+
+ $obs_char = "[\\x00-\\x09\\x0b\\x0c\\x0e-\\x7f]";
+ $obs_text = "(?:$lf*$cr*(?:$obs_char$lf*$cr*)*)";
+ $text = "(?:[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f]|$obs_text)";
+
+
+ $text = "(?:$lf*$cr*$obs_char$lf*$cr*)";
+ $obs_qp = "(?:\\x5c[\\x00-\\x7f])";
+ $quoted_pair = "(?:\\x5c$text|$obs_qp)";
+
+
+ $wsp = "[\\x20\\x09]";
+ $obs_fws = "(?:$wsp+(?:$crlf$wsp+)*)";
+ $fws = "(?:(?:(?:$wsp*$crlf)?$wsp+)|$obs_fws)";
+ $ctext = "(?:$no_ws_ctl|[\\x21-\\x27\\x2A-\\x5b\\x5d-\\x7e])";
+ $ccontent = "(?:$ctext|$quoted_pair)";
+ $comment = "(?:\\x28(?:$fws?$ccontent)*$fws?\\x29)";
+ $cfws = "(?:(?:$fws?$comment)*(?:$fws?$comment|$fws))";
+
+
+ $outer_ccontent_dull = "(?:$fws?$ctext|$quoted_pair)";
+ $outer_ccontent_nest = "(?:$fws?$comment)";
+ $outer_comment = "(?:\\x28$outer_ccontent_dull*(?:$outer_ccontent_nest$outer_ccontent_dull*)+$fws?\\x29)";
+
+
+
+ $atext = "(?:$alpha|$digit|[\\x21\\x23-\\x27\\x2a\\x2b\\x2d\\x2f\\x3d\\x3f\\x5e\\x5f\\x60\\x7b-\\x7e])";
+ $atext_domain = "(?:$alpha|$digit)";
+
+ $atom = "(?:$cfws?(?:$atext)+$cfws?)";
+ $atom_domain = "(?:$cfws?(?:$atext_domain)+$cfws?)";
+
+
+ $qtext = "(?:$no_ws_ctl|[\\x21\\x23-\\x5b\\x5d-\\x7e])";
+ $qcontent = "(?:$qtext|$quoted_pair)";
+ $quoted_string = "(?:$cfws?\\x22(?:$fws?$qcontent)*$fws?\\x22$cfws?)";
+
+
+ $quoted_string = "(?:$cfws?\\x22(?:$fws?$qcontent)+$fws?\\x22$cfws?)";
+ $word = "(?:$atom|$quoted_string)";
+
+
+ $obs_local_part = "(?:$word(?:\\x2e$word)*)";
+
+
+ $obs_domain = "(?:$atom_domain(?:\\x2e$atom_domain)*)";
+
+ $dot_atom_text = "(?:$atext+(?:\\x2e$atext+)*)";
+ $dot_atom_text_domain = "(?:$atext_domain+(?:\\x2e$atext_domain+)*)";
+
+
+ $dot_atom = "(?:$cfws?$dot_atom_text$cfws?)";
+ $dot_atom_domain = "(?:$cfws?$dot_atom_text_domain$cfws?)";
+
+
+ $dtext = "(?:$no_ws_ctl|[\\x21-\\x5a\\x5e-\\x7e])";
+ $dcontent = "(?:$dtext|$quoted_pair)";
+ $domain_literal = "(?:$cfws?\\x5b(?:$fws?$dcontent)*$fws?\\x5d$cfws?)";
+
+
+ $local_part = "(($dot_atom)|($quoted_string)|($obs_local_part))";
+ $domain = "(($dot_atom_domain)|($domain_literal)|($obs_domain))";
+ $addr_spec = "$local_part\\x40$domain";
+
+
+ if (strlen($email) > 256) return FALSE;
+
+
+ $email = strip_comments($outer_comment, $email, "(x)");
+
+
+
+ if (!preg_match("!^$addr_spec$!", $email, $m)){
+
+ return FALSE;
+ }
+
+ $bits = array(
+ 'local' => isset($m[1]) ? $m[1] : '',
+ 'local-atom' => isset($m[2]) ? $m[2] : '',
+ 'local-quoted' => isset($m[3]) ? $m[3] : '',
+ 'local-obs' => isset($m[4]) ? $m[4] : '',
+ 'domain' => isset($m[5]) ? $m[5] : '',
+ 'domain-atom' => isset($m[6]) ? $m[6] : '',
+ 'domain-literal' => isset($m[7]) ? $m[7] : '',
+ 'domain-obs' => isset($m[8]) ? $m[8] : '',
+ );
+
+
+
+ $bits['local'] = strip_comments($comment, $bits['local']);
+ $bits['domain'] = strip_comments($comment, $bits['domain']);
+
+
+
+
+ if (strlen($bits['local']) > 64) return FALSE;
+ if (strlen($bits['domain']) > 255) return FALSE;
+
+
+
+ if (strlen($bits['domain-literal'])){
+
+ $Snum = "(\d{1,3})";
+ $IPv4_address_literal = "$Snum\.$Snum\.$Snum\.$Snum";
+
+ $IPv6_hex = "(?:[0-9a-fA-F]{1,4})";
+
+ $IPv6_full = "IPv6\:$IPv6_hex(:?\:$IPv6_hex){7}";
+
+ $IPv6_comp_part = "(?:$IPv6_hex(?:\:$IPv6_hex){0,5})?";
+ $IPv6_comp = "IPv6\:($IPv6_comp_part\:\:$IPv6_comp_part)";
+
+ $IPv6v4_full = "IPv6\:$IPv6_hex(?:\:$IPv6_hex){5}\:$IPv4_address_literal";
+
+ $IPv6v4_comp_part = "$IPv6_hex(?:\:$IPv6_hex){0,3}";
+ $IPv6v4_comp = "IPv6\:((?:$IPv6v4_comp_part)?\:\:(?:$IPv6v4_comp_part\:)?)$IPv4_address_literal";
+
+
+
+ if (preg_match("!^\[$IPv4_address_literal\]$!", $bits['domain'], $m)){
+
+ if (intval($m[1]) > 255) return FALSE;
+ if (intval($m[2]) > 255) return FALSE;
+ if (intval($m[3]) > 255) return FALSE;
+ if (intval($m[4]) > 255) return FALSE;
+
+ }else{
+
+
+ while (1){
+
+ if (preg_match("!^\[$IPv6_full\]$!", $bits['domain'])){
+ break;
+ }
+
+ if (preg_match("!^\[$IPv6_comp\]$!", $bits['domain'], $m)){
+ list($a, $b) = explode('::', $m[1]);
+ $folded = (strlen($a) && strlen($b)) ? "$a:$b" : "$a$b";
+ $groups = explode(':', $folded);
+ if (count($groups) > 6) return FALSE;
+ break;
+ }
+
+ if (preg_match("!^\[$IPv6v4_full\]$!", $bits['domain'], $m)){
+
+ if (intval($m[1]) > 255) return FALSE;
+ if (intval($m[2]) > 255) return FALSE;
+ if (intval($m[3]) > 255) return FALSE;
+ if (intval($m[4]) > 255) return FALSE;
+ break;
+ }
+
+ if (preg_match("!^\[$IPv6v4_comp\]$!", $bits['domain'], $m)){
+ list($a, $b) = explode('::', $m[1]);
+ $b = substr($b, 0, -1); # remove the trailing colon before the IPv4 address
+ $folded = (strlen($a) && strlen($b)) ? "$a:$b" : "$a$b";
+ $groups = explode(':', $folded);
+ if (count($groups) > 4) return FALSE;
+ break;
+ }
+
+ return FALSE;
+ }
+ }
+ }else{
+
+
+ $labels = explode('.', $bits['domain']);
+
+
+ if (count($labels) == 1) return FALSE;
+
+
+ foreach ($labels as $label){
+
+ if (strlen($label) > 63) return FALSE;
+ if (substr($label, 0, 1) == '-') return FALSE;
+ if (substr($label, -1) == '-') return FALSE;
+ }
+
+ if (preg_match('!^[0-9]+$!', array_pop($labels))) return FALSE;
+ }
+
+
+ return TRUE;
}
+##################################################################################
+
+function strip_comments($comment, $email, $replace=''){
+
+ while (1){
+ $new = preg_replace("!$comment!", $replace, $email);
+ if (strlen($new) == strlen($email)){
+ return $email;
+ }
+ $email = $new;
+ }
+}
+
+
function validate_templatedir($templatename)
{
global $publicdir, $defaulttemplate;
Index: classes/core/sanitize.php
===================================================================
--- classes/core/sanitize.php (revision 8325)
+++ classes/core/sanitize.php (working copy)
@@ -163,7 +163,7 @@
$emailarray=explode(';',$email);
for ($i = 0; $i <= count($emailarray)-1; $i++)
{
- $emailarray[$i]=preg_replace('/[^a-zA-Z0-9;+_.@-]/i', '', $emailarray[$i]);
+ $emailarray[$i]=preg_replace('/[^a-zA-Z0-9;+_=|.$%&#!{*~`?}^@-]/i', '', $emailarray[$i]);
}
return implode(';',$emailarray);
}
|
|---|
