Projects ⇒ Bugs ⇒ #641: function is_email not validating all addresses ⇒ CPG Dragonfly™ CMS
Bug #641 function is_email not validating all addresses
Project: Dragonfly 9.0.3 -> 9.3 Category: *CPG Core Issues
Submitted: Friday, October 14, 2005 (13:05:21) Modified: Saturday, November 26, 2005 (23:42:51)
Status: Closed Assigned to:
PHP Version: 4.3.10 HTTPD Server: Apache 2.0

View/Vote Add Comment

by: safecracker4hire
Description:
------------
The is an actual error message, but that option (nor email) exists as the 'Type of Bug'.

The function is_email (includes/cmsinit.inc -- lines 422 through 445) is not validating addresses with single character subnets, such as user@u.washington.edu.



Reproduce code:
---------------
if (!ereg('^[_\.\+0-9a-z-]+@[0-9a-z-]{2,63}\.+[a-z]{2,6}$',$email) &&
!ereg('^[_\.\+0-9a-z-]+@[_0-9a-z\-]{2,25}\.+[_0-9a-z\-]{2,63}\.+[a-z]{2,6}$',$email) &&
!ereg('^[_\.\+0-9a-z-]+@[_0-9a-z\-]{2,25}\.+[_0-9a-z\-]{2,63}\.+[a-z]{2,6}\.+[a-z]{2,6}$',$email)) {
// "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email]#si"
return -1;
}

The above is looking for 2 - 25 characters as the subnet.

Expected result:
----------------
The email address should validate.

The fix is to change the ereg to look for 1 - 25 characters in the subnet.

if (!ereg('^[_\.\+0-9a-z-]+@[0-9a-z-]{2,63}\.+[a-z]{2,6}$',$email) &&
!ereg('^[_\.\+0-9a-z-]+@[_0-9a-z\-]{1,25}\.+[_0-9a-z\-]{2,63}\.+[a-z]{2,6}$',$email) &&
!ereg('^[_\.\+0-9a-z-]+@[_0-9a-z\-]{1,25}\.+[_0-9a-z\-]{2,63}\.+[a-z]{2,6}\.+[a-z]{2,6}$',$email)) {
// "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email]#si"
return -1;
}

Actual result:
--------------
Line : 198
File : emailer.php
General Error
Failed sending email :: PHP :: The following From address failed: user@u.washington.edu
by: akamu
1 character subdomains are not allowed via RFC 1035
by: akamu
Not enough information was provided for us to be able to handle this bug.
Please re-read the instructions at How to Report a Bug

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in CPG-Nuke 9.0.3 -> 9.1.
by: safecracker4hire
Allowed or not, the email address above demonstrates that single character subnets are being used. Fix or not, that is up to you.... my users are now recieving all emails.

Regards;
by: DJMaze
This bug has been fixed in the CVS.

Snapshots of the sources are packaged every 6 hours; this change
will be in the next snapshot. You can grab the snapshot at the
Downloads section.

Thank you for the report, and for helping us to make CPG-Nuke 9.0.3 -> 9.1 better.
User Info

Welcome Anonymous



(Register)
Community

Support for DragonflyCMS in a other languages:

Deutsch
Español