Project

General

Profile

Actions
Copy link

Bug #23769

closed

Server crashes calling t3lib_div::validEmail() with a string which has more characters than 2264

Added by Simon Schick about 14 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-10-17
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.4
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Hi, all

I'm using the extension formhandler to create some complex forms.
The logs of this extensions are saved in a field which can contain about 65000 characters.

By calling the list-view in the backend each value of a cell from the database-tables is passed to the function "t3lib_div::validEmail()".
This function is using the php-function "filter_var()" to check it it's a valid email.

Please note that this function contains a bug which will be fixed / is fixed in PHP v5.3.4 which is not released now.

Please check the length of the string before you call this php-function by using this information:
http://email.about.com/od/emailbehindthescenes/f/address_length.htm

http://bugs.php.net/bug.php?id=53091
(issue imported from #M16035)

Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #23648: Mitigate libpcre recursion crash in email address validationClosedMarcus Krause2010-09-29

Actions
Actions
Copy link
 #1

Updated by Georg Ringer about 14 years ago

see http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/ => Vulnerable subcomponent #3: Validation/ Filtering API

Actions
Copy link

Also available in: Atom PDF