Bug #44103
closed
t3lib_div::validEmail() accepts invalid local parts of an email address
0%
Description
In t3lib_div::validEmail() the IDNA converter is used to prepare for international domain names; but as the conversion is applied to the whole email address, umlauts in the local part of an email address also get converted and the email address subsequently is regarded as valid though umlauts are not allowed in the local part according to RFC 5321 where only normal ASCII characters (plus some special characters) are allowed (http://tools.ietf.org/html/rfc5322#section-3.2.3).
To fix the bug, the email address has to be split and only the domain part must be converted using IDNA; the email address is then composed again and validated.
Files
Updated by Jigal van Hemert over 11 years ago
- Status changed from New to Accepted
http://tools.ietf.org/rfc/rfc6531.txt already accepts non-ASCII characters in mail parts such as mail addresses. But the domain name is indeed safer as IDNA converted.
I think we should keep the local part alone and only encode the domain part.
Can you push the patch to Gerrit? See: http://wiki.typo3.org/Contribution_Walkthrough_Tutorials
Updated by Gerrit Code Review over 11 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at https://review.typo3.org/17330
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/17331
Updated by Gerrit Code Review over 11 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/17331
Updated by Mathias Brodala over 9 years ago
Updated by Mathias Schreiber over 9 years ago
- Status changed from Under Review to Closed
- Is Regression set to No