Bug #92531
closed
Email with php method as string is a valid address
100%
Description
- How to reproduce
1. Setup a TYPO3 form with an email field
1. Add email validation
1. Go to the form
1. Enter "${@print(md5(security_test))}" as email address
1. Send the form
1. Form was sent successfully
As it's not a valid email address the email sender (website admin) gets a bounce mail.
This can be done very often to flood the email box.
- How to solve
Add the DNSCheckValidation to the EmailValidator of library (egulias/EmailValidator).
Updated by Georg Ringer about 4 years ago
- Status changed from New to Accepted
- Assignee set to Georg Ringer
Updated by Georg Ringer about 4 years ago
- Status changed from Accepted to In Progress
Updated by Gerrit Code Review about 4 years ago
- Status changed from In Progress to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66179
Updated by Gerrit Code Review about 4 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66179
Updated by Georg Ringer about 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 7e95ee3a49ca716aed940df032b91c9daa51e1a7.
Updated by
Updated by Mathias Brodala over 3 years ago
- Related to Bug #93890: Move email check in LegacyLinkNotationConverter to the end added