Project

General

Profile

Actions

Bug #44103

closed

t3lib_div::validEmail() accepts invalid local parts of an email address

Added by Thomas Off almost 12 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
Start date:
2012-12-19
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.7
PHP Version:
Tags:
Complexity:
easy
Is Regression:
No
Sprint Focus:

Description

In t3lib_div::validEmail() the IDNA converter is used to prepare for international domain names; but as the conversion is applied to the whole email address, umlauts in the local part of an email address also get converted and the email address subsequently is regarded as valid though umlauts are not allowed in the local part according to RFC 5321 where only normal ASCII characters (plus some special characters) are allowed (http://tools.ietf.org/html/rfc5322#section-3.2.3).
To fix the bug, the email address has to be split and only the domain part must be converted using IDNA; the email address is then composed again and validated.


Files

fix_validEmail.diff (289 Bytes) fix_validEmail.diff Diff to fix t3lib_div::validEmail() Thomas Off, 2012-12-19 10:35
Actions #1

Updated by Jigal van Hemert almost 12 years ago

  • Status changed from New to Accepted

http://tools.ietf.org/rfc/rfc6531.txt already accepts non-ASCII characters in mail parts such as mail addresses. But the domain name is indeed safer as IDNA converted.

I think we should keep the local part alone and only encode the domain part.

Can you push the patch to Gerrit? See: http://wiki.typo3.org/Contribution_Walkthrough_Tutorials

Actions #2

Updated by Gerrit Code Review almost 12 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at https://review.typo3.org/17330

Actions #3

Updated by Gerrit Code Review almost 12 years ago

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/17331

Actions #4

Updated by Gerrit Code Review almost 12 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/17331

Actions #5

Updated by Mathias Brodala over 10 years ago

I'd say that this issue is outdated in every possible way:

  1. The code has been changed already to only convert the domain part to Punycode
  2. Since RFC 6531 the local part may also contain pretty much every character.
Actions #6

Updated by Mathias Schreiber almost 10 years ago

  • Status changed from Under Review to Closed
  • Is Regression set to No
Actions

Also available in: Atom PDF